CN110955884A - Method and device for determining upper limit times of password trial and error - Google Patents

Info

Publication number
CN110955884A
Authority
CN
China
Prior art keywords
account
target
user
login
target user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911224947.XA
Other languages
Chinese (zh)
Other versions
CN110955884B (en)
Inventor
朱江波
张盛素
高鹏
李开峰
刘真真
李谞玥
董海丰
邱丽娇
万荃
时福林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bank of China Ltd
Original Assignee
Bank of China Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bank of China Ltd
Priority to CN201911224947.XA
Publication of CN110955884A
Application granted
Publication of CN110955884B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance

Abstract

The embodiments of the application provide a method and a device for determining the upper limit number of password trial-and-error attempts. The method comprises: receiving an account login operation initiated by a current user and determining the target account to which it is directed; determining identity information of the target user corresponding to the target account; querying, according to the identity information of the target user, the input record of the login password for account login operations performed by the target user within a preset time period; and determining, according to that input record, a number of times that matches the historical behavior characteristics of the target user, which is used as the upper limit number of login password trial-and-error attempts in the account login operation initiated by the current user. This solves the technical problem in existing methods that the upper limit number of login password trial-and-error attempts set for a user during account login operations is not targeted and not reasonable enough, which affects the user's experience during normal account login operations.

Description

Method and device for determining upper limit times of password trial and error
Technical Field
The present application relates to the field of business data processing technologies, and in particular, to a method and an apparatus for determining an upper limit number of password trial and error.
Background
In many business application scenarios, if a user wants to log in an account, for example, a bank card account, to perform a corresponding business operation, the user usually needs to input a name of the account to be logged in and a corresponding login password in a login interface displayed on a related device to request to log in the account. The system server can carry out matching verification on the account name and the login password input by the user, and the user can log in the account to carry out corresponding business operation after the matching verification of the system server is passed.
The system server usually sets a uniform upper limit number of login password trial-and-error attempts for different users, so that a user who enters the login password incorrectly still has the opportunity, within that upper limit, to re-enter the correct login password and log in to the account. If the number of consecutive wrong entries of the login password is greater than or equal to the upper limit, the system server temporarily freezes the account in order to protect the security of the user's account data and to prevent an illegal user from guessing the user's login password through repeated account login operations.
However, in specific implementation, it is found that the upper limit number of trial and error of the login password set based on the method is often not reasonable enough for some users, so that the use experience of some users in normal account login operation is relatively poor.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiment of the application provides a method and a device for determining the upper limit times of password trial and error, and aims to solve the technical problems that the upper limit times of login password trial and error set for a user during account login operation in the existing method are not targeted and are not reasonable enough, and the use experience of the user during normal account login operation is influenced.
The embodiment of the application provides a method for determining the upper limit times of password trial and error, which comprises the following steps:
receiving and determining a target account for which an account login operation initiated by a current user is directed;
determining identity information of a target user corresponding to the target account;
inquiring the input record of a login password when the account login operation is carried out within a preset time period of the target user according to the identity information of the target user;
and determining the times which accord with the historical behavior characteristics of the target user according to the input record of the login password during the account login operation of the target user within the preset time period, wherein the times are used as the upper limit times of trial and error of the login password in the account login operation initiated by the current user.
In one embodiment, after determining the number of times that the historical behavior characteristics of the target user are met according to the input record of the login password during the account login operation performed within the preset time period of the target user, as an upper limit number of trial and error on the login password in the account login operation initiated by the current user, the method further includes:
accumulating the number of wrong entries of the login password when the current user performs the account login operation for the target account;
and when detecting that the accumulated number of wrong entries of the login password is greater than or equal to the upper limit number of login password trial-and-error attempts when the current user performs the account login operation for the target account, preventing the current user from continuing the account login operation for the target account.
In one embodiment, preventing the current user from continuing with an account login operation for the target account includes:
and freezing the target account, and/or closing an operation interface of the current user for performing account login operation aiming at the target account.
In one embodiment, after preventing the current user from continuing the account login operation for the target account, the method further comprises:
and generating alarm prompt information, wherein the alarm prompt information is used for prompting that the probability value of the current user not being the target user is greater than a preset probability threshold value.
In one embodiment, determining the number of times of meeting the historical behavior characteristics of the target user according to the input record of the login password during the account login operation performed by the target user within the preset time period includes:
according to the input record of the login password during account login operations performed by the target user within the preset time period, counting the maximum number of wrong entries of the login password in an account login operation performed by the target user within the preset time period, and taking it as the reference number;
and determining the sum of the reference number and a preset tolerance number as the number of times that matches the historical behavior characteristics of the target user.
In one embodiment, after counting, according to the input record of the login password during account login operations performed by the target user within the preset time period, the maximum number of wrong entries of the login password in an account login operation within that period as the reference number, the method further includes:
determining the operation frequency of the target user for carrying out account login operation in the preset time period according to the input record of the login password during the account login operation of the target user in the preset time period;
and adjusting the tolerance times according to the operation frequency.
In one embodiment, after counting, according to the input record of the login password during account login operations performed by the target user within the preset time period, the maximum number of wrong entries of the login password in an account login operation within that period as the reference number, the method further includes:
determining the importance degree of account data related to the target account;
and adjusting the tolerance times according to the importance degree.
In one embodiment, after counting, according to the input record of the login password during account login operations performed by the target user within the preset time period, the maximum number of wrong entries of the login password in an account login operation within that period as the reference number, the method further includes:
determining the current time point of account login operation initiated by the current user;
and adjusting the tolerance times according to the current time point.
In one embodiment, the target account includes at least one of: a bank card account of the target user, an electronic payment account of the target user, a social software account of the target user, and a shopping website account of the target user.
The embodiment of the present application further provides a device for determining the upper limit number of password trial and error, including:
the first determination module is used for receiving and determining a target account for which an account login operation initiated by a current user aims;
the second determining module is used for determining the identity information of the target user corresponding to the target account;
the query module is used for querying the input record of a login password when the account login operation is carried out within a preset time period of the target user according to the identity information of the target user;
and the third determining module is used for determining the times which accord with the historical behavior characteristics of the target user according to the input record of the login password during the account login operation of the target user within the preset time period, and the times are used as the upper limit times of trial and error of the login password in the account login operation initiated by the current user.
In one embodiment, the apparatus further comprises an accumulation module and a processing module, wherein,
the accumulation module is used for accumulating the accumulated error times of the login password when the current user performs account login operation aiming at the target account;
the processing module is used for preventing the current user from continuing to perform the account login operation aiming at the target account under the condition that the accumulated error input times of the login password is larger than or equal to the upper limit times of the login password trial and error when the current user performs the account login operation aiming at the target account.
The embodiment of the application also provides electronic equipment, which comprises a processor and a memory for storing processor executable instructions, wherein the processor receives and determines a target account for which the account login operation initiated by the current user is directed when executing the instructions; determining identity information of a target user corresponding to the target account; inquiring the input record of a login password when the account login operation is carried out within a preset time period of the target user according to the identity information of the target user; and determining the times which accord with the historical behavior characteristics of the target user according to the input record of the login password during the account login operation of the target user within the preset time period, wherein the times are used as the upper limit times of trial and error of the login password in the account login operation initiated by the current user.
The embodiment of the application also provides a computer readable storage medium, on which computer instructions are stored, and when the instructions are executed, the instructions realize that a target account for which an account login operation initiated by a current user is directed is received and determined; determining identity information of a target user corresponding to the target account; inquiring the input record of a login password when the account login operation is carried out within a preset time period of the target user according to the identity information of the target user; and determining the times which accord with the historical behavior characteristics of the target user according to the input record of the login password during the account login operation of the target user within the preset time period, wherein the times are used as the upper limit times of trial and error of the login password in the account login operation initiated by the current user.
In the embodiments of the application, the specific behavior characteristics of different users are taken into account. By obtaining the input record of the login password during account login operations performed by the target user within the preset time period, an upper limit number of login password trial-and-error attempts that matches the historical behavior characteristics of the target user of the target account that the current user wants to log in to is determined in a targeted manner, so that the account login operation initiated by the current user for the target account can be effectively and reasonably controlled according to that upper limit. This solves the technical problem in existing methods that the upper limit number of login password trial-and-error attempts set for a user during account login operations is not targeted and not reasonable enough, which affects the user's experience during normal account login operations. It achieves the technical effect that a correspondingly suitable upper limit number of login password trial-and-error attempts can be set for different users according to their specific behavior characteristics, so that the user's experience during normal account login operations is taken into account while the user's account login operations are controlled and the account data security of the target account is protected.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only some embodiments described in the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without any creative effort.
Fig. 1 is a process flow diagram of a method for determining an operation time of a business operation provided according to an embodiment of the present application;
Fig. 2 is a block diagram of a device for determining an upper limit number of trial and error of a password according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of an electronic device based on a method for determining an upper limit number of password trial and error provided in an embodiment of the present application.
Detailed Description
In order to make those skilled in the art better understand the technical solutions in the present application, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Existing methods for determining the upper limit number of password trial-and-error attempts often do not consider the specific situations of different users and do not distinguish between users' different behavior characteristics; instead, a uniform number is set for all users as the upper limit number of login password trial-and-error attempts when different users perform account login operations. The user's account login operation is then controlled according to this upper limit: if the number of wrong entries of the login password is greater than or equal to the upper limit when the user performs the account login operation, the account can be directly frozen. In specific implementation, an upper limit determined in this way is not targeted, so it is not reasonable enough and may even affect the user's experience during normal account login operations.
For example, user A is an elderly person with a relatively poor memory who, when logging in to a bank account, often finds and enters the correct login password only after entering the login password incorrectly many times. For user A, the upper limit number of login password trial-and-error attempts set by the system server is often insufficient: user A may enter the login password incorrectly several times in a row, and before the correct login password is found, the number of wrong entries reaches the upper limit uniformly set by the system server. User A then cannot log in to his or her own bank account normally, which affects user A's experience of the account login operation.
As another example, user B is a young person with a relatively good memory who does not enter the login password incorrectly when logging in to his or her bank account. In this case, the upper limit number of login password trial-and-error attempts set by the system server is too large for user B, and it makes it convenient for other users to try the password of user B's bank account multiple times, which affects the data security of user B's bank account.
Therefore, when the existing method for determining the upper limit times of password trial and error is implemented specifically, the upper limit times of login password trial and error set for a user during account login operation is not targeted and is not reasonable enough, and the technical problem that the use experience of the user during normal account login operation is influenced is often caused.
For the root cause of the technical problem, the application considers that the corresponding and proper upper limit times of trial and error of the login password can be set for different accounts in a differentiated manner according to the historical behavior characteristics of the users corresponding to the different accounts, so that the specific situation of the users corresponding to the accounts can be fully considered, the user experience of normal account login operation of the users is considered, and the safety of the account data of the users is effectively protected. Therefore, the technical problems that the upper limit times of trial and error of the login password set for the user during account login operation in the existing method is not targeted and is not reasonable enough, and the use experience of the user during normal account login operation is influenced can be solved well.
Based on the thought, the embodiment of the application provides a method for determining the upper limit times of password trial and error. Specifically, please refer to a processing flow chart of a method for determining an upper limit number of password trial and error according to an embodiment of the present application shown in fig. 1. The method for determining the upper limit number of password trial and error provided in the embodiment of the present application may include the following steps in specific implementation.
S101: Receive an account login operation initiated by the current user and determine the target account to which it is directed.
In an embodiment, the method for determining the upper limit number of password trial and error may be specifically applied to a system server in a related service scenario. In specific implementation, the system server is responsible for generating the upper limit times of trial and error of the login password of each account.
In one embodiment, the method for determining the upper limit number of password trial and error can also be applied to self-service operation equipment provided by a service provider, for example, a bank's ATM (Automatic Teller Machine), or a customer-guidance self-service machine, a self-service inquiry machine, and the like provided in the bank. Of course, the self-service operation devices listed above are only illustrative. In specific implementation, the method can be applied to self-service operation equipment in other service scenarios according to the specific application scenario, for example, a self-service ticket vending machine installed at a train station.
In addition, the method for determining the upper limit number of password trial and error can be applied to client devices owned and used by the user, such as smart phones, desktop computers, notebook computers and the like of the user.
In one embodiment, the account may specifically include a bank card account, an electronic payment account, a social software account, and the like. Of course, the above listed accounts are only illustrative. In particular, other types of accounts may be included according to a particular application scenario. The present specification is not limited to these.
In one embodiment, the current user may specifically include a user who is currently initiating an account login operation and wants to login to a target account for which the account login operation is directed. The target account may specifically include an account that the current user wants to log in. And the user who really has the right to log in and use the target account can be marked as the target user.
In one embodiment, the current user may be the target user. The current user may also be a user other than the target user who has no authority to log in to and use the target account, for example, an illegal user who wants to guess the login password of the target account by trying several times.
In one embodiment, the current user may enter the account login interface through the client device or the self-service operation device; and initiating account login operation aiming at the target account by performing corresponding operation on the account login interface. Specifically, for example, the current user may input an account name of a target account to be logged in an account input field displayed in the account login interface, or identity information related to the target user, such as a mobile phone number and an identification number used when registering the target account. Meanwhile, a corresponding login password is input in a password input field displayed in the account login interface. And clicking a confirmation key in the account login interface to generate and send a corresponding account login request aiming at the target account to the system server. Thereby initiating an account login operation for the target account. Correspondingly, the system server may receive the account login request and receive an account login operation initiated by the current user. Of course, it should be noted that the above-listed manner in which the current user initiates the account login operation for the target account is only an exemplary illustration. In specific implementation, according to a specific application scenario, the current user may also initiate an account login operation for the target account in another suitable manner.
In an embodiment, taking the system server as an example, after receiving the account login operation initiated by the current user, the server may determine the account to which that account login operation is directed, that is, the target account that the current user wants to log in to.
Specifically, the server may analyze and extract a name of a target account input by the current user from the received account login request, or data such as a mobile phone number, an identification number and other identity information used when the target user registers the target account, and then determine the target account to which the account login operation initiated by the current user is directed according to the data.
S102: Determine the identity information of the target user corresponding to the target account.
In this embodiment, the identity information of the target user may specifically include the mobile phone number, identification number, registered email address, and the like used by the target user when registering the target account. Of course, the identity information listed above is only illustrative. In a specific implementation, according to the specific application scenario, the identity information of the target user may further include other information that can identify the target user.
In one embodiment, the system server may determine, according to the target account, the identity information of the target user corresponding to the target account by retrieving an account database recorded and stored by the system server.
The account database records and stores each account, and the user and the identity information of the user corresponding to each account.
In an embodiment, the system server may search the account database to find a user corresponding to the target account and determine that the user is a target user, and further may obtain the identity information of the target user by querying the account database.
S103: According to the identity information of the target user, query the input record of the login password for account login operations performed by the target user within the preset time period.
In an embodiment, the input record of the login password during the account login operation performed by the target user within the preset time period may specifically include record data such as password input time, password error count, and the like during each login operation performed by the target user within the historical preset time period.
The preset time period may be five days or one month. Of course, the preset time periods listed above are only illustrative. In specific implementation, the preset time period can be set flexibly according to specific conditions. The present specification is not limited in this respect.
In this embodiment, the system server collects and records historical behavior data when a login password is input each time each user performs an account login operation, for example, the identity information of the user, the name of an account to be logged in by the user this time, the time for the user to input the login password this time, the number of times of mistake input when the user inputs the login password this time, and the like. And further, according to the historical behavior data, historical input records of corresponding login passwords can be established for each user respectively.
In one embodiment, in specific implementation, the system server may first find a historical input record of the login password corresponding to the target user according to the identity information of the target user. And inquiring records in a preset time period from the historical input records of the login password corresponding to the target user so as to determine the input record of the login password when the account login operation is performed in the preset time period of the target user.
S104: and determining the times which accord with the historical behavior characteristics of the target user according to the input record of the login password during the account login operation of the target user within the preset time period, wherein the times are used as the upper limit times of trial and error of the login password in the account login operation initiated by the current user.
In an embodiment, the above-mentioned upper limit number of trial and error of the login password may be specifically understood as a threshold number. If the number of times of errors of inputting the login password by the user is larger than or equal to the upper limit number of times of trial and error of the login password, in order to protect the account data security of the target account, the problem that the illegal user tries to get out the login password of the target account by performing multiple account login operations is avoided, and the user is prevented from continuing to initiate account login operation aiming at the target account.
In this embodiment, in specific implementation, the behavior characteristics of the target user when entering the login password in the latest period of time may be determined according to the input record of the login password during account login operations performed by the target user within the preset time period. For example, according to the input record of the login password when user C performed account login operations within the preset time period, it can be determined that, in the latest period of time, user C often entered the login password incorrectly when normally performing account login operations for the account named T1121: on average the login password was entered incorrectly 6 times per account login operation, and in the account login operation with the most wrong entries it was entered incorrectly 8 times. Further, the number of times that accords with the historical behavior characteristics of the target user can be determined from these behavior characteristics, and that number is used as the upper limit number of trial and error of the login password in the account login operation initiated by the current user. For example, the maximum number of wrong entries of the login password in one account login operation by user C in the latest period of time may be selected as the reference number, the reference number is added to a preset tolerance number (for example, 1), and the obtained sum (7 times) is determined as the number of times that accords with the historical behavior characteristics of user C in the latest period of time.
Further, the above number may be determined as the upper limit number of trial and error of the login password in the account login operation initiated by the current user for user C's account named T1121.
The upper limit number of trial and error of the login password set in this manner fully considers the historical behavior characteristics of the target user of the target account, so that the determined upper limit number is more targeted and more reasonable, and the experience of the target user when normally performing account login operations for the target account is not affected.
For example, based on the existing method, the upper limit number of trial and error of the login password determined for the account login operation initiated by the current user for user C's account is the same as that of other accounts, for example, a uniform fixed value of 3 times. In practice, when user C normally initiates an account login operation for the account, user C is likely to be blocked by the system server before logging in successfully, because the number of wrong entries of the login password exceeds the upper limit number, so that user C cannot log in to the account normally, which affects the user experience of user C.
The method for determining the upper limit number of password trial and error provided by the embodiment of the application can determine, in a targeted manner, a number of times that matches the behavior characteristics of user C in the recent period of time, for example, 6 times, as the upper limit number of trial and error of the login password in the account login operation initiated by the current user for user C's account named T1121. Thus, user C can successfully log in to the account on the 5th entry of the login password.
In an embodiment, after determining the number of times that accords with the historical behavior characteristics of the target user as the upper limit number of trial and error of the login password in the account login operation initiated by the current user, the server may further monitor and manage the account login operation initiated by the current user for the target account according to the upper limit number.
In one embodiment, in specific implementation, the server may keep an accumulated count of the wrong entries of the login password made while the current user performs the account login operation for the target account. For example, each time the server finds that the login password entered by the current user in an account login operation is wrong, it adds 1 to the existing accumulated count of wrong entries to obtain the new accumulated count. After each update, the new accumulated count is compared with the determined upper limit number of trial and error of the login password, to determine whether the accumulated count of wrong entries of the current user is greater than the upper limit number of trial and error of the login password. When it is detected that the accumulated count of wrong entries of the login password is greater than or equal to the upper limit number of trial and error of the login password while the current user performs the account login operation for the target account, it can be judged that there is a high probability that the current user is not the target user and that there is a risk of illegal login to the target account, and the current user can be prevented from continuing the account login operation for the target account, so that other users are prevented from working out the login password of the target account by performing the account login operation multiple times.
In one embodiment, when it is detected that the accumulated count of wrong entries of the login password is greater than or equal to the upper limit number of trial and error of the login password while the current user performs the account login operation for the target account, in specific implementation, the current user may be prevented from continuing the account login operation for the target account by freezing the target account and/or closing the operation interface on which the current user performs the account login operation for the target account, so as to protect the account data security of the target account. Of course, the blocking manners listed above are only exemplary, and in specific implementation other suitable blocking manners may be adopted according to the specific situation. For example, account login requests from the IP address where the current user is located may be refused, and so on.
In one embodiment, in order to better protect the account data security of the target account, after the current user is prevented from continuing the account login operation for the target account in the above-listed prevention manner, the corresponding alarm prompt information may be further generated. The alarm prompt information may be specifically used to prompt that the probability value that the current user is not the target user is greater than a preset probability threshold. In a specific implementation, the alarm prompt message may be sent to the monitoring server, so that the monitoring server can further confirm whether the current user is the target user according to the alarm prompt message.
For example, the monitoring server may call a monitoring camera arranged on the self-service operation device, obtain a face picture of a current user operating on the self-service operation device, query an account database of the user, obtain a recorded and stored face picture of a target user corresponding to a target account, perform face comparison between the face picture of the current user and the face picture of the target user to determine whether the current user is the target user, obtain a corresponding face comparison result, and feed the face comparison result back to the system server.
The system server can determine whether the current user is the target user according to the comparison result. If the current user is determined to be the target user according to the comparison result, the block that previously prevented the current user from continuing the account login operation for the target account can be lifted, for example, by releasing the frozen state of the target account. Conversely, if the current user is determined not to be the target user according to the comparison result, the current user can continue to be prevented from performing the account login operation for the target account, for example, by maintaining the frozen state of the target account. In addition, the alarm prompt information may be sent to the target user himself/herself to prompt the target user to confirm in person.
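The monitoring flow described above (accumulate wrong entries, block when the accumulated count is greater than or equal to the upper limit, generate alarm prompt information, then lift or keep the block according to the identity confirmation result) can be sketched as follows. This is an added example and is not code from the application; the class and method names are hypothetical, and resetting the count after a successful login is an assumption of the sketch.

```python
from dataclasses import dataclass, field


@dataclass
class LoginGuard:
    """Per-account state kept by the system server (hypothetical structure)."""
    account: str
    upper_limit: int              # upper limit number of trial and error
    wrong_entries: int = 0        # accumulated count of wrong entries
    frozen: bool = False
    alerts: list = field(default_factory=list)

    def attempt(self, password_ok: bool) -> str:
        """Process one password entry and return the resulting state."""
        if self.frozen:
            # A frozen account refuses every entry, including a correct password.
            return "blocked"
        if password_ok:
            self.wrong_entries = 0  # assumption: a successful login clears the count
            return "logged_in"
        self.wrong_entries += 1
        # The comparison is "greater than or equal to", as in the description.
        if self.wrong_entries >= self.upper_limit:
            self.frozen = True
            self.alerts.append({
                "account": self.account,
                "wrong_entries": self.wrong_entries,
                "message": "probability that the current user is not the "
                           "target user exceeds the preset threshold",
            })
            return "blocked"
        return "retry"

    def confirmation_result(self, is_target_user: bool) -> None:
        """Apply the result fed back by the monitoring server."""
        if is_target_user:
            self.frozen = False     # release the frozen state
            self.wrong_entries = 0
        # Otherwise the frozen state is maintained.


def replay(guard: LoginGuard, entries) -> list:
    """Feed a sequence of password results (True = correct) through the guard."""
    return [guard.attempt(ok) for ok in entries]
```
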
In the embodiment of the application, compared with the existing method, the specific behavior characteristics of different users are taken into account: by obtaining the input record of the login password during account login operations performed by the target user within a preset time period, an upper limit number of trial and error of the login password that matches the historical behavior characteristics of the target user of the target account that the current user wants to log in to is determined in a targeted manner, so that the account login operation initiated by the current user for the target account can subsequently be controlled effectively and reasonably according to the upper limit number. This solves the technical problem in the existing method that the upper limit number of trial and error of the login password set for a user during account login operations is not targeted or reasonable enough and affects the user's experience during normal account login operations, and achieves the technical effect that a suitable upper limit number of trial and error of the login password can be set for different users according to their specific behavior characteristics, so that account login operations are better controlled while the user's experience during normal account login operations is taken into account.
In an embodiment, after determining, according to the input record of the login password during account login operations performed by the target user within the preset time period, the number of times that accords with the historical behavior characteristics of the target user as the upper limit number of trial and error of the login password in the account login operation initiated by the current user, the method may, in specific implementation, further include the following: keeping an accumulated count of the wrong entries of the login password made while the current user performs the account login operation for the target account; and when it is detected that the accumulated count of wrong entries of the login password is greater than or equal to the upper limit number of trial and error of the login password while the current user performs the account login operation for the target account, preventing the current user from continuing the account login operation for the target account.
In an embodiment, the above-mentioned preventing the current user from continuing the account login operation with respect to the target account may include the following steps: and freezing the target account, and/or closing an operation interface for the current user to perform account login operation aiming at the target account. Of course, in specific implementation, according to specific situations, other suitable blocking manners may also be adopted to block the current user from continuing the account login operation for the target account, so as to avoid that the current user tries to obtain the login password of the target account by performing the account login operation for multiple times.
In an embodiment, after preventing the current user from continuing the account login operation for the target account, when the method is implemented, the following may be further included: and generating alarm prompt information, wherein the alarm prompt information is used for prompting that the probability value of the current user not being the target user is greater than a preset probability threshold value.
In an embodiment, the determining, according to the input record of the login password during the account login operation performed within the preset time period of the target user, the number of times that the historical behavior characteristics of the target user are met may include the following steps: according to the input record of the login password when the target user performs the account login operation within the preset time period, counting the maximum value of the error input times of the login password when the target user performs the account login operation within the preset time period as the reference times; and determining the sum of the reference times and the preset tolerance times as the times according with the historical behavior characteristics of the target user.
In one embodiment, the target account may specifically include at least one of: a bank card account of the target user, an electronic payment account of the target user, a social software account of the target user, a shopping website account of the target user, and so forth. Of course, the above listed target accounts are only illustrative. In a specific implementation, the target account may further include other types of accounts according to a specific application scenario. The present specification is not limited to these.
In one embodiment, it is considered that in many cases some users have not logged in to their own accounts for a long time, or log in to their own accounts only rarely, and that such users are normally more prone to entering the login password incorrectly than users who log in to their accounts often. In order to ensure the experience of such users, the upper limit number of password trial and error for such users may be appropriately increased.
Based on the above consideration, after counting, according to the input record of the login password during account login operations performed by the target user within the preset time period, the maximum number of wrong entries of the login password in an account login operation within the preset time period as the reference number, the method may, in specific implementation, further include the following: determining the operation frequency with which the target user performed account login operations within the preset time period according to the input record of the login password during account login operations performed by the target user within the preset time period; and adjusting the tolerance number according to the operation frequency.
In this embodiment, in specific implementation, according to the operation frequency of the target user performing the account login operation in the preset time period, the upper limit number of trial and error of the login password in the account login operation initiated by the current user may be correspondingly adjusted by adjusting the tolerance number.
For example, if it is determined that the operation frequency with which the target user performed account login operations within the preset time period is less than or equal to 2 times per month, it may be judged that the user has rarely performed account login operations recently and is relatively more likely to have forgotten the login password. In this case, the upper limit number of trial and error of the login password for such a user may be increased by adding 1 to the tolerance number, so that the user can log in to his or her own account normally and the user experience is improved. If the operation frequency is determined to be greater than 2 times per month and less than or equal to 5 times per month, it can be judged that the frequency with which the user has recently performed account login operations is normal, and the tolerance number may be left unadjusted. If the operation frequency is determined to be more than 5 times per month, it can be judged that the user has performed account login operations frequently in the recent period and is relatively unlikely to have forgotten the login password. In this case, the upper limit number of trial and error of the login password for the user can be reduced by subtracting 1 from the tolerance number, so that the account data security of the user is protected without affecting the user experience.
Of course, it should be noted that the above listed adjustment of the tolerance times according to the operation frequency is only an illustrative example. In specific implementation, according to specific conditions and safety requirements, other modes can be adopted to correspondingly adjust the tolerance times according to the operation frequency.
In one embodiment, considering different target accounts for the same target user, the requirements for data security may be different due to different importance levels of the related account data. For example, the bank account has a higher importance degree of fund data related to the user, and the requirement on data security is relatively higher. The chat account has low importance of the chat data and relatively low requirements on data security.
In view of the above, in order to better satisfy both the user experience and the data security, in the specific implementation, the upper limit number of trial and error of the login password may be adjusted by appropriately adjusting the tolerance number according to the importance degree of the account data related to the target account.
Specifically, after counting, according to the input record of the login password during account login operations performed by the target user within the preset time period, the maximum number of wrong entries of the login password in an account login operation within the preset time period as the reference number, the method may further include: determining the importance degree of the account data related to the target account; and adjusting the tolerance number according to the importance degree.
For example, for a target account whose related account data has a higher importance degree, the upper limit number of trial and error of the login password can be reduced by reducing the tolerance number, so that the account data of the target account is better protected. For a target account whose related account data has a lower importance degree, the upper limit number of trial and error of the login password can be increased by adding one to the tolerance number, so that the user has a better experience.
In one embodiment, it is further contemplated that differences may exist in the security of a user's account data at different points in time. For example, the risk of a user's account data security being compromised may be relatively higher at night versus daytime. Therefore, in order to better protect the account data security of the user, the tolerance times can be adjusted by combining the current time point of the account login operation initiated by the current user, and then the upper limit times of the login password trial and error is correspondingly adjusted by using the tolerance times.
In this embodiment, after counting, according to the input record of the login password during account login operations performed by the target user within the preset time period, the maximum number of wrong entries of the login password in an account login operation within the preset time period as the reference number, the method may, in specific implementation, further include the following: determining the current time point of the account login operation initiated by the current user; and adjusting the tolerance number according to the current time point.
In one embodiment, in implementation, the tolerance times may be adjusted according to the current time point and a preset adjustment rule.
The preset adjustment rule may specifically include: when the current time point is in the time period from 10 pm to 5 am, the tolerance times are reduced by two; when the current time point is in a time period between 5 am and 8 am or a time period between 6 pm and 10 pm, the tolerance times are reduced by one; when the current time point is in the time period between 8 am and 6 pm, no adjustment is made to the tolerance times. Of course, the preset adjustment rules listed above are only an illustrative example. When the method is specifically implemented, the method can be flexibly adjusted according to specific conditions.
In an embodiment, counting the maximum number of wrong entries of the login password as the reference number, according to the input record of the login password during account login operations performed by the target user within the preset time period, may specifically include: finding, according to that input record, the login operations for the target account performed by the target user within the preset time period; and then, according to those login operations for the target account, counting the maximum number of wrong entries of the login password when the target user performed an account login operation for the target account within the preset time period as the reference number.
In an embodiment, in specific implementation, the average value of the number of times of wrong entry of the login password when the target user performs the account login operation for the target account within a preset time period may be counted as the reference number. The second largest value of the number of wrong login passwords may also be screened from the number of wrong login passwords during the account login operation performed on the target account by the target user within the preset time period, and the second largest value is used as the reference number.
In an embodiment, if no login operation for the target account performed by the target user within the preset time period is found in the input record of the login password during account login operations performed by the target user within the preset time period, the login operations performed by the target user within the preset time period for an associated account having a high degree of similarity to the target account may be queried instead, and the maximum number of wrong entries of the login password when the target user performed an account login operation for the associated account within the preset time period is counted as the reference number. The sum of the reference number and the preset tolerance number is then determined as the number of times that accords with the historical behavior characteristics of the target user.
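The calculation described in the preceding embodiments (reference number plus a tolerance number adjusted by operation frequency, importance degree and time point, with the associated-account fallback) can be put together as follows. This is an added example, not code from the application. The record schema, function names, the account names T2000 and T3000, the size of the importance adjustment, counting only login operations that ended in a successful login, the default of 3 when no history exists, and the floor and ceiling on the result are all assumptions of the sketch.

```python
import math
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class LoginSession:
    """One account login operation in the password input record (constructed schema)."""
    account: str
    when: datetime
    wrong_entries: int   # wrong password entries during this login operation
    succeeded: bool      # True if the operation ended in a successful login


def reference_count(counts, mode="max"):
    """Reference number: maximum, second largest value, or average of wrong entries."""
    ordered = sorted(counts)
    if mode == "max":
        return ordered[-1]
    if mode == "second_max":  # by position; a single session falls back to the maximum
        return ordered[-2] if len(ordered) > 1 else ordered[-1]
    if mode == "mean":        # rounded up (assumption) so the limit stays an integer
        return math.ceil(sum(ordered) / len(ordered))
    raise ValueError(f"unknown mode: {mode}")


def frequency_adjustment(logins_per_month):
    """<= 2 per month: +1; more than 2 and up to 5: unchanged; more than 5: -1."""
    if logins_per_month <= 2:
        return 1
    if logins_per_month <= 5:
        return 0
    return -1


def time_adjustment(now):
    """10 pm to 5 am: -2; 5 am to 8 am or 6 pm to 10 pm: -1; 8 am to 6 pm: unchanged."""
    hour = now.hour  # interval boundaries treated as half-open (assumption)
    if hour >= 22 or hour < 5:
        return -2
    if hour < 8 or hour >= 18:
        return -1
    return 0


# The description gives "add one" for low importance; -1 for high is an assumption.
IMPORTANCE_ADJUSTMENT = {"high": -1, "normal": 0, "low": 1}


def trial_and_error_limit(records, account, now, *, window_days=30, base_tolerance=1,
                          importance="normal", mode="max", associated_account=None,
                          default_limit=3, floor=1, ceiling=10):
    """Upper limit number of trial and error for a login attempt on `account` at `now`."""
    start = now - timedelta(days=window_days)
    # Assumption: only operations that ended in a successful login are treated as
    # the target user's own behavior, so blocked guessing runs cannot raise the limit.
    recent = [r for r in records if start <= r.when <= now and r.succeeded]
    own = [r for r in recent if r.account == account]
    if not own and associated_account is not None:
        own = [r for r in recent if r.account == associated_account]
    if not own:
        return default_limit  # no usable history (assumption: fixed fallback value)
    reference = reference_count([r.wrong_entries for r in own], mode)
    tolerance = (base_tolerance
                 + frequency_adjustment(len(own) * 30 / window_days)
                 + IMPORTANCE_ADJUSTMENT[importance]
                 + time_adjustment(now))
    # Floor and ceiling are hardening assumptions, not part of the description.
    return max(floor, min(ceiling, reference + tolerance))


# Constructed sample input record; the counts are not taken from the description.
RECORDS = [
    LoginSession("T1121", datetime(2024, 5, 18, 10, 0), 2, True),
    LoginSession("T1121", datetime(2024, 5, 10, 9, 0), 4, True),
    LoginSession("T1121", datetime(2024, 5, 2, 16, 0), 1, True),
    LoginSession("T1121", datetime(2024, 5, 15, 3, 0), 9, False),  # ended blocked
    LoginSession("T1121", datetime(2024, 3, 1, 11, 0), 7, True),   # outside the window
    LoginSession("T2000", datetime(2024, 5, 12, 13, 0), 3, True),
]
```
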
From the above description, it can be seen that the method for determining the upper limit number of password trial and error provided in the embodiment of the present application takes the specific behavior characteristics of different users into account: by obtaining the input record of the login password during account login operations performed by the target user within the preset time period, an upper limit number of trial and error of the login password that matches the historical behavior characteristics of the target user of the target account that the current user wants to log in to is determined in a targeted manner, so that the account login operation initiated by the current user for the target account can subsequently be controlled effectively and reasonably according to the upper limit number. This solves the technical problem in the existing method that the upper limit number of trial and error of the login password set for a user during account login operations is not targeted or reasonable enough and affects the user's experience during normal account login operations, and achieves the technical effect that a suitable upper limit number of trial and error of the login password can be set for different users according to their specific behavior characteristics, so that account login operations are better controlled while the user's experience during normal account login operations is taken into account.
In addition, an accumulated count is kept of the wrong entries of the login password made while the current user performs the account login operation for the target account, and whether to prevent the current user from continuing the account login operation for the target account is judged by comparing the accumulated count of wrong entries with the upper limit number of trial and error of the login password. In this way, an illegal user trying to work out the login password of the target account by performing the account login operation multiple times can be found and stopped in a timely and effective manner, and the account data security of the target account is protected.
Based on the same inventive concept, the embodiment of the present application further provides a device for determining the upper limit number of password trial and error, as described in the following embodiments. Because the principle by which the device solves the problem is similar to that of the method for determining the upper limit number of password trial and error, the implementation of the device can refer to the implementation of the method, and repeated parts are not described again. As used hereinafter, the term "unit" or "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or in a combination of software and hardware, is also possible and contemplated. Please refer to Fig. 2, which is a structural diagram of an apparatus for determining the upper limit number of password trial and error in an embodiment of the present application. The apparatus may specifically include: a first determining module 201, a second determining module 202, a querying module 203 and a third determining module 204. The structure is described in detail below.
The first determining module 201 may be specifically configured to receive and determine a target account to which an account login operation initiated by a current user is directed;
the second determining module 202 may be specifically configured to determine identity information of a target user corresponding to the target account;
the query module 203 may be specifically configured to query, according to the identity information of the target user, an input record of a login password during an account login operation performed by the target user within a preset time period;
the third determining module 204 may be specifically configured to determine, according to an input record of a login password during the account login operation performed within a preset time period of the target user, a number of times that meets a historical behavior characteristic of the target user, as an upper limit number of times of trial and error of the login password in the account login operation initiated by the current user.
In one embodiment, the apparatus may further include an accumulation module and a processing module, wherein,
the accumulation module is specifically configured to keep an accumulated count of the wrong entries of the login password made while the current user performs an account login operation for the target account;
the processing module may be specifically configured to, when it is detected that the accumulated count of wrong entries of the login password is greater than or equal to the upper limit number of trial and error of the login password while the current user performs the account login operation for the target account, prevent the current user from continuing the account login operation for the target account.
In an embodiment, the apparatus may further include a blocking module, which may be specifically configured to prevent the current user from continuing the account login operation for the target account by a blocking manner such as freezing the target account and/or closing the operation interface on which the current user performs the account login operation for the target account.
In an embodiment, the apparatus may further include a generating module, which is specifically configured to generate an alarm prompting message, where the alarm prompting message is used to prompt that a probability value that the current user is not the target user is greater than a preset probability threshold.
In an embodiment, in order to determine the number of times of meeting the historical behavior characteristics of the target user according to the input record of the login password when the target user performs the account login operation within the preset time period, the third determining module 204 may specifically include the following structural units:
the counting unit is specifically configured to count a maximum value of the number of wrong entries of the login password when the target user performs the account login operation within the preset time period as a reference number according to the input record of the login password when the target user performs the account login operation within the preset time period;
the determining unit may be specifically configured to determine a sum of the reference number and a preset tolerance number as a number that meets the historical behavior feature of the target user.
In one embodiment, the target account may specifically include at least one of: a bank card account of the target user, an electronic payment account of the target user, a social software account of the target user, a shopping website account of the target user, and so forth. Of course, the above listed target accounts are only illustrative. In a specific implementation, the target account may further include other types of accounts according to a specific application scenario. The present specification is not limited to these.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.
It should be noted that, the systems, devices, modules or units described in the above embodiments may be implemented by a computer chip or an entity, or implemented by a product with certain functions. For convenience of description, in the present specification, the above devices are described as being divided into various units by functions, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
Moreover, in the subject specification, adjectives such as first and second may only be used to distinguish one element or action from another element or action without necessarily requiring or implying any actual such relationship or order. References to an element or component or step (etc.) should not be construed as limited to only one of the element, component, or step, but rather to one or more of the element, component, or step, etc., where the context permits.
From the above description, it can be seen that the device for determining the upper limit number of password trial and error provided in the embodiment of the present application determines, according to the input record of the login password during account login operations performed by the target user within the preset time period, an upper limit number of password trial-and-error attempts that matches the historical behavior characteristics of the target user of the target account that the current user wants to log in to, so that the account login operation initiated by the current user for the target account can subsequently be controlled effectively and reasonably according to that upper limit. This solves the technical problems in existing methods that the upper limit on login-password trial and error set for a user during account login is not targeted and not reasonable enough, and that it degrades the user's experience during normal account login operations. It achieves the technical effects that a suitable upper limit on login-password trial and error can be set for different users according to their specific behavior characteristics, that the user's experience during normal account login operations is taken into account, and that account login operations are controlled more effectively.
The embodiment of the present application further provides an electronic device. Referring to Fig. 3, a schematic structural diagram of the electronic device based on the method for determining the upper limit number of password trial and error provided by the embodiment of the present application, the electronic device may specifically include an input device 31, a processor 32, and a memory 33. The input device 31 may be specifically configured to receive a target account for which an account login operation initiated by a current user is directed. The processor 32 may be specifically configured to: determine the target account for which the account login operation initiated by the current user is directed; determine identity information of a target user corresponding to the target account; query, according to the identity information of the target user, the input record of the login password for account login operations performed by the target user within a preset time period; and determine, according to that input record, the number of times that matches the historical behavior characteristics of the target user, which is used as the upper limit number of login-password trial-and-error attempts in the account login operation initiated by the current user. The memory 33 may specifically be used for storing a corresponding instruction program.
In this embodiment, the input device may be one of the main apparatuses for information exchange between a user and a computer system. The input device may include a keyboard, a mouse, a camera, a scanner, a light pen, a handwriting input board, a voice input device, etc.; the input device is used to input raw data and a program for processing the data into the computer. The input device can also acquire and receive data transmitted by other modules, units and devices. The processor may be implemented in any suitable way. For example, the processor may take the form of, for example, a microprocessor or processor and a computer-readable medium that stores computer-readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, an embedded microcontroller, and so forth. The memory may in particular be a memory device used in modern information technology for storing information. The memory may include multiple levels, and in a digital system, the memory may be any memory as long as it can store binary data; in an integrated circuit, a circuit without a physical form and with a storage function is also called a memory, such as a RAM, a FIFO and the like; in the system, the storage device in physical form is also called a memory, such as a memory bank, a TF card and the like.
In this embodiment, the functions and effects specifically realized by the electronic device can be explained by comparing with other embodiments, and are not described herein again.
The embodiment of the present application further provides a computer storage medium based on the method for determining the upper limit number of password trial and error. The computer storage medium stores computer program instructions which, when executed, implement: receiving and determining a target account for which an account login operation initiated by a current user is directed; determining identity information of a target user corresponding to the target account; querying, according to the identity information of the target user, the input record of the login password for account login operations performed by the target user within a preset time period; and determining, according to that input record, the number of times that matches the historical behavior characteristics of the target user, which is used as the upper limit number of login-password trial-and-error attempts in the account login operation initiated by the current user.
In the present embodiment, the storage medium includes, but is not limited to, a Random Access Memory (RAM), a Read-Only Memory (ROM), a Cache (Cache), a Hard disk (HDD), or a Memory Card (Memory Card). The memory may be used to store computer program instructions. The network communication unit may be an interface for performing network connection communication, which is set in accordance with a standard prescribed by a communication protocol.
In this embodiment, the functions and effects specifically realized by the program instructions stored in the computer storage medium can be explained by comparing with other embodiments, and are not described herein again.
Although various specific embodiments are mentioned in the disclosure of the present application, the present application is not limited to the cases described in industry standards or in the examples. Implementations that slightly modify an industry standard, or that are customized or adapted from the described embodiments, can also achieve the same, equivalent, similar, or otherwise expected effects. Embodiments employing such modified or transformed data acquisition, processing, output, determination, etc., may still fall within the scope of alternative embodiments of the present application.
Although the present application provides method steps as described in an embodiment or flowchart, more or fewer steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one manner of performing the steps in a multitude of orders and does not represent the only order of execution. When an apparatus or client product in practice executes, it may execute sequentially or in parallel (e.g., in a parallel processor or multithreaded processing environment, or even in a distributed data processing environment) according to the embodiments or methods shown in the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, the presence of additional identical or equivalent elements in a process, method, article, or apparatus that comprises the recited elements is not excluded.
The devices or modules and the like explained in the above embodiments may be specifically implemented by a computer chip or an entity, or implemented by a product with certain functions. For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, in implementing the present application, the functions of each module may be implemented in one or more pieces of software and/or hardware, or a module that implements the same function may be implemented by a combination of a plurality of sub-modules, and the like. The above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical division, and other divisions may be realized in practice, for example, a plurality of modules or components may be combined or integrated into another system, or some features may be omitted, or not executed.
Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer readable program code, the same functionality can be implemented by logically programming method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may therefore be considered as a hardware component, and the means included therein for performing the various functions may also be considered as a structure within the hardware component. Or even means for performing the functions may be regarded as being both a software module for performing the method and a structure within a hardware component.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
From the above description of the embodiments, it is clear to those skilled in the art that the present application can be implemented by software plus necessary general hardware platform. Based on such understanding, the technical solutions of the present application may be embodied in the form of a software product, which may be stored in a storage medium, such as a ROM/RAM, a magnetic disk, an optical disk, or the like, and includes several instructions for enabling a computer device (which may be a personal computer, a mobile terminal, a server, or a network device) to execute the method according to the embodiments or some parts of the embodiments of the present application.
The embodiments in the present specification are described in a progressive manner, and the same or similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. The application is operational with numerous general purpose or special purpose computing system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet-type devices, multiprocessor systems, microprocessor-based systems, set top boxes, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
While the present application has been described by way of examples, those of ordinary skill in the art will appreciate that there are numerous variations and permutations of the present application that do not depart from the spirit of the present application and that the appended embodiments are intended to include such variations and permutations without departing from the present application.

Claims (13)

1. A method for determining the upper limit number of password trial and error is characterized by comprising the following steps:
receiving and determining a target account for which an account login operation initiated by a current user is directed;
determining identity information of a target user corresponding to the target account;
querying, according to the identity information of the target user, the input record of the login password for account login operations performed by the target user within a preset time period;
and determining, according to the input record of the login password during the account login operations performed by the target user within the preset time period, a number of times that matches the historical behavior characteristics of the target user, the number being used as the upper limit number of login-password trial-and-error attempts in the account login operation initiated by the current user.
2. The method according to claim 1, wherein after determining the number of times that the historical behavior characteristics of the target user are met according to the input record of the login password during the account login operation performed within the preset time period of the target user, as an upper limit number of trial and error on the login password in the account login operation initiated by the current user, the method further comprises:
counting the cumulative number of wrong login-password entries made while the current user performs the account login operation for the target account;
and, when it is detected that the cumulative number of wrong login-password entries made while the current user performs the account login operation for the target account is greater than or equal to the upper limit number of login-password trial-and-error attempts, preventing the current user from continuing the account login operation for the target account.
3. The method of claim 2, wherein preventing the current user from continuing account login operations for the target account comprises:
and freezing the target account, and/or closing an operation interface of the current user for performing account login operation aiming at the target account.
4. The method of claim 3, wherein after preventing the current user from continuing account login operations for the target account, the method further comprises:
and generating alarm prompt information, wherein the alarm prompt information is used for prompting that the probability value of the current user not being the target user is greater than a preset probability threshold value.
5. The method according to claim 1, wherein determining the number of times that the historical behavior characteristics of the target user are met according to the input record of the login password during the account login operation within the preset time period of the target user comprises:
according to the input record of the login password when the target user performs the account login operation within the preset time period, counting the maximum number of wrong login-password entries made when the target user performs the account login operation within the preset time period, as the reference number;
and determining the sum of the reference number and a preset tolerance number as the number of times that matches the historical behavior characteristics of the target user.
6. The method according to claim 5, wherein after counting, according to the input record of the login password when the target user performs the account login operation within the preset time period, the maximum number of wrong login-password entries made when the target user performs the account login operation within the preset time period as the reference number, the method further comprises:
determining the operation frequency of the target user for carrying out account login operation in the preset time period according to the input record of the login password during the account login operation of the target user in the preset time period;
and adjusting the tolerance times according to the operation frequency.
7. The method according to claim 5, wherein after counting, according to the input record of the login password when the target user performs the account login operation within the preset time period, the maximum number of wrong login-password entries made when the target user performs the account login operation within the preset time period as the reference number, the method further comprises:
determining the importance degree of account data related to the target account;
and adjusting the tolerance times according to the importance degree.
8. The method according to claim 5, wherein after counting, according to the input record of the login password when the target user performs the account login operation within the preset time period, the maximum number of wrong login-password entries made when the target user performs the account login operation within the preset time period as the reference number, the method further comprises:
determining the current time point of account login operation initiated by the current user;
and adjusting the tolerance times according to the current time point.
9. The method of claim 1, wherein the target account comprises at least one of: a bank card account of the target user, an electronic payment account of the target user, a social software account of the target user, and a shopping website account of the target user.
10. An apparatus for determining an upper limit number of password trial and error, comprising:
a first determining module, configured to receive and determine a target account for which an account login operation initiated by a current user is directed;
a second determining module, configured to determine identity information of a target user corresponding to the target account;
a query module, configured to query, according to the identity information of the target user, the input record of the login password for account login operations performed by the target user within a preset time period;
and a third determining module, configured to determine, according to the input record of the login password during the account login operations performed by the target user within the preset time period, a number of times that matches the historical behavior characteristics of the target user, the number being used as the upper limit number of login-password trial-and-error attempts in the account login operation initiated by the current user.
11. The apparatus of claim 10, further comprising an accumulation module and a processing module, wherein,
the accumulation module is configured to count the cumulative number of wrong login-password entries made while the current user performs the account login operation for the target account;
the processing module is configured to prevent the current user from continuing the account login operation for the target account when the cumulative number of wrong login-password entries made while the current user performs the account login operation for the target account is greater than or equal to the upper limit number of login-password trial-and-error attempts.
12. An electronic device comprising a processor and a memory for storing processor-executable instructions, wherein the processor, when executing the instructions, performs the steps of the method of any one of claims 1 to 9.
13. A computer-readable storage medium having computer instructions stored thereon which, when executed, implement the steps of the method of any one of claims 1 to 9.
CN201911224947.XA 2019-12-04 2019-12-04 Method and device for determining upper limit times of password trial and error Active CN110955884B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911224947.XA CN110955884B (en) 2019-12-04 2019-12-04 Method and device for determining upper limit times of password trial and error

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911224947.XA CN110955884B (en) 2019-12-04 2019-12-04 Method and device for determining upper limit times of password trial and error

Publications (2)

Publication Number Publication Date
CN110955884A true CN110955884A (en) 2020-04-03
CN110955884B CN110955884B (en) 2022-02-08

Family

ID=69979623

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911224947.XA Active CN110955884B (en) 2019-12-04 2019-12-04 Method and device for determining upper limit times of password trial and error

Country Status (1)

Country Link
CN (1) CN110955884B (en)

Also Published As

Publication number Publication date
CN110955884B (en) 2022-02-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant