Abstract: Disclosed are various embodiments that facilitate bootstrap authentication of a second application by way of a user confirmation via a first application. The first application is authenticated using trusted credentials. A first application is authenticated with an authentication service using the security credential. Text input is sent from the first application to the second application via the network. The text input is sent to a text entry field on the second application.

Abstract: Disclosed are various embodiments for providing a native authentication experience with failover. A network service authenticates a first application executed in a computing device in a first instance using one or more authentication factors received via a platform-specific application programming interface that is native to the computing device. After a change to how authentication is performed by the network service, the network service authenticates the first application in a second instance via code-based linking with a second application that is authenticated.

Abstract: Disclosed are various embodiments for detecting replay attacks in voice-based authentication systems through the use of watermark signals. In one embodiment, audio is captured via an audio input device. It is then verified that the audio includes a voice authentication factor spoken by a user. A watermark signal is detected as present in the audio, which indicates that the voice authentication factor was replayed from a recording. One or more actions may then be performed.

Abstract: Disclosed are various embodiments for synchronizing authentication sessions between applications. A token exchange service receives a first authentication token from a client computing device. The first authentication token corresponds to a registration of an application of the client computing device for a user account. The first authentication token is validated. A second authentication token is generated, corresponding to a browser-based session for the user account. The second authentication token is sent to the client computing device.

Abstract: Disclosed are various embodiments that facilitate bootstrapping authentication of a user at a first device using a second device. The second device is authenticated for access to a user account via a first security credential. A second security credential is received by the second device. The second security credential is then sent to the first device. Subsequently, the second security credential is received from the first device, and the first device is authenticated for access to the user account. The second device includes visual cues to indicate a network page is legitimate, while the first device excludes visual cues to indicate the network page is legitimate.

Abstract: Methods and systems are provided to enable gradual expiration of credentials. Instead of depriving a user of all his access rights upon expiration of his credential (e.g., password), the user's access rights may be gradually restricted during a grace period after an expected or initial expiration time and/or before a final expiration time. The access right may be determined based on a duration from a time of the access request to the final expiration time or to the initial expiration time.

Abstract: Disclosed are various embodiments for correlating a first use case-specific entity identifier with a second use case-specific entity identifier. A chained entity identifier corresponds to the first use case-specific entity identifier. The chained entity identifier can include the second use case-specific entity identifier cryptographically wrapped by a use case-specific key. The second use case-specific entity identifier can be received from the chained entity identifier. The second use case-specific entity identifier can be correlated to the first use case-specific entity identifier.

Abstract: A code for accessing a resource having a customer account associated therewith is presented via a secondary device, and authentication data indicative of the code that was presented is received from a primary device. The primary device is identified as a trusted device associated with the customer account responsive to receiving the authentication data therefrom, and the secondary device is authenticated for access to the resource responsive to identification of the primary device as the trusted device associated with the customer account.

Abstract: Disclosed are various embodiments for synchronizing authentication sessions between applications. In one embodiment, a first authentication token is received from a first application in response to determining that the first application is authenticated with a service provider. A second authentication token is requested from a token exchange service associated with the service provider. The second authentication token is requested using the first authentication token. The second application is configured to use the second authentication token in order to access a resource of the service provider.

Abstract: Disclosed are various embodiments relating to bootstrapping user authentication. A first security credential is received for a user account from a user. A first application is then authenticated with another computing device using the first security credential. After authenticating the first application, a bootstrap request is then sent to the other computing device for a second security credential to authenticate a second application without using the first security credential. The bootstrap request specifies a bootstrap session identifier. The second security credential is then received from the other computing device.

Abstract: Input received into a first component of a user interface is mirrored in another component of the user interface. The first component of the user interface is monitored and changes to the first component are caused to occur in the second component. The first component may be configured to receive user input for an authentication claim.

Abstract: Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the device. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. If the hardware trust evaluation device determines that a program is trustworthy, the trust evaluation device causes the trust indicator to provide a positive indication of the trustworthiness of the computer program to a user of the computing device. If the hardware trust evaluation device determines that a program is not trustworthy, the trust evaluation device causes the trust indicator to provide a negative indication of the trustworthiness of the computer program.

Abstract: Methods and systems are provided to enable access control based on credential properties. Besides authenticating a credential, an authentication service can provide additional credential-related information with respect to a credential such as last updated time. An entity receiving such additional credential-related information can implement access control policies based on the credential-related information. For instance, a user's access rights may be gradually restricted after an initial expiration time and towards a final expiration time. In an example, such access control may be implemented by a client application or client website of the authentication service. Alternatively or additionally, such access control may be implemented by an authorization service used by the client application or client website.

Abstract: Disclosed are various embodiments for providing multi-factor authentication credentials. For example, a first application may send an authentication request to a first authentication service, where the request specifies a first authentication factor. A second application may generate a user interface upon a display, where the user interface facilitates entry of a user approval. In response to receiving the user approval, the second application may send a second authentication factor to a second authentication service that acts as a proxy for the first authentication service. In some embodiments, an application may be configured to automatically transfer a one-time password or other authentication factor to a recipient in response to receiving a user approval.

Abstract: Disclosed are various embodiments for an authentication service. A unique identifier is associated with a device access token for a client to be authenticated. An authentication identifier is sent to an authenticated client. The client to be authenticated communicates the authentication identifier and unique identifier to the authentication service to complete authentication.

Abstract: Disclosed are various embodiments that facilitate bootstrap authentication of a second application by way of a user confirmation via a first application. The first application is authenticated using trusted credentials. A first application is authenticated with an authentication service using the security credential. Text input is sent from the first application to the second application via the network. The text input is sent to a text entry field on the second application.

Abstract: Computing devices are disclosed that include functionality for providing a trustworthy indication of software integrity. The computing devices include a hardware trust evaluation device capable of determining the trustworthiness of computer programs executing on the devices. At least one trust indicator is also connected to the hardware trust evaluation device for providing an external indication of the trustworthiness of a computer program. Additional security information regarding the trustworthiness of the computer program may be displayed on the primary display device of the computing device. The display of the security information is triggered by a user of the computing device submitting a request through a secure mechanism, where the request is unobservable and inaccessible to programs executing on the computing device. Additional secure mechanisms, such as a unique user interface for displaying the security information, can be utilized to ensure the authenticity of the displayed security information.

Abstract: Disclosed are various embodiments for providing a native authentication experience with failover. A network service authenticates a first application executed in a computing device in a first instance using one or more authentication factors received via a platform-specific application programming interface that is native to the computing device. After a change to how authentication is performed by the network service, the network service authenticates the first application in a second instance via code-based linking with a second application that is authenticated.

Abstract: Disclosed are various embodiments that facilitate bootstrap authentication of a second application by way of a user confirmation via a first application, where the first application is authenticated using trusted credentials. A security credential for a user account is received from a user. A first application is authenticated with an authentication service using the security credential. One or more user actions are received by the first application. The user actions constitute a confirmation of a bootstrap authentication request submitted by a second application. Data encoding the user actions is sent to the authentication service.

Abstract: Disclosed are various embodiments for correlating a first use case-specific entity identifier with a second use case-specific entity identifier. A chained entity identifier corresponds to the first use case-specific entity identifier. The chained entity identifier can include the second use case-specific entity identifier cryptographically wrapped by a use case-specific key. The second use case-specific entity identifier can be received from the chained entity identifier. The second use case-specific entity identifier can be correlated to the first use case-specific entity identifier.