Abstract: Methods, systems and computer program products for computing system security. Techniques for classifying a potentially unauthorized user as an authorized user involve comparisons of two or more access request times that occur at different computing devices in different geographical locations. Based on those comparisons and the distance between the geographical locations of the different computing devices, a determination is made as to whether or not travel (e.g., via overland travel, via air travel, etc.) between those different geographical locations can be reasonably accomplished within a given time period. If it is determined that the required time for travel between the different geographical locations is greater than the time between the access request times—thus suggesting a spoofing attack or other malfeasance—then the potentially unauthorized (i.e.

Abstract: Methods, systems and computer program products for computing system security. Techniques for classifying a potentially unauthorized user as an authorized user involve comparisons of two or more access request times that occur at different computing devices in different geographical locations. Based on those comparisons and the distance between the geographical locations of the different computing devices, a determination is made as to whether or not travel (e.g., via overland travel, via air travel, etc.) between those different geographical locations can be reasonably accomplished within a given time period. If it is determined that the required time for travel between the different geographical locations is greater than the time between the access request times—thus suggesting a spoofing attack or other malfeasance—then the potentially unauthorized (i.e.