Abstract: The disclosed computer-implemented method for securely authenticating users via facial recognition may include (1) identifying a request from a user to complete an authentication process on the computing device via a facial-recognition system, (2) sending the user a randomized unique identifier to display to a camera on the computing device, (3) simultaneously observing, via the camera on the computing device, both the user and the randomized unique identifier that was sent to the user, and (4) authenticating the observed user in response to determining both that the observed user's facial characteristics match facial characteristics of the user stored in the facial-recognition system and that the observed randomized unique identifier matches the randomized unique identifier sent to the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for facilitating eye contact during video conferences may include (1) detecting a video conference between a user of a computing device and a remote user of a remote computing device, (2) identifying a location on the computing device's screen where the eyes of the remote user are displayed as part of the video conference, (3) creating a video stream of the user that appears to be taken from the perspective of an imaginary camera located at the eyes of the remote user, and (4) transmitting the video stream of the user to the remote computing device of the remote user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for logging out of cloud-based applications managed by single sign-on services may include (1) identifying an attempt by a single sign-on service to log a user out of a set of cloud-based applications, (2) in response to identifying the attempt to log the user out of the set of applications, tracking a logout status of each application within the set of cloud-based applications by, for each application (a) identifying a logout request sent by the single sign-on service to the application and (b) determining whether the application has sent a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application, and (3) determining that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service.

Abstract: The disclosed computer-implemented method for verifying user attributes may include (1) receiving a request to verify an attribute of a user who claims to be a particular person, (2) determining that the attribute can be verified using a trusted record that is associated with the particular person, (3) determining that the trusted record is associated with a vehicle to which the particular person has access rights, (4) confirming that the user has physical access to the vehicle by performing an access-validation check, and (5) in response to confirming that the user has physical access to the vehicle, using the trusted record to verify the attribute of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for controlling content for child browser users may include (1) identifying one or more indicators that a browser session user is a child, (2) calculating a session score indicating a likelihood that the browser session user is a child, (3) determining, based at least in part on the session score being above a threshold, that the browser session user is a child and therefore content controls should apply to a browser session of the child, and (4) initiating one or more content control actions. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: NAT systems are identified by detecting highly authenticated operations being made by multiple users from IP addresses. Users of a web service are authenticated in response to performing highly authenticated operations, such as identity proofing or multifactor authentication. Successful highly authenticated operations are tracked. A NAT system operating in conjunction with a specific IP address is identified, in response to a threshold number of different users successfully performing highly authenticated operations from the specific IP address within a specific amount of time. The total number of users behind the identified NAT system is estimated, based on the rate at which different users successfully perform operations from the specific IP address. One or more additional action(s) are taken to manage the processing of traffic originating from the specific IP address, taking into account that multiple users are operating behind the identified NAT system. An example action is rate limiting.

Abstract: The disclosed computer-implemented method for performing authentication at a network device may include (1) storing, at a network device that handles traffic for at least one endpoint device within a network, an authentication credential associated with a user of the endpoint device, (2) detecting, at the network device, a communication between the endpoint device within the network and a cloud-based application outside the network, (3) determining, at the network device, that access to the cloud-based application is protected by an authentication process, and (4) causing the network device to complete at least a portion of the authentication process for the user by providing the authentication credential associated with the user from the network device to an identity provider of the cloud-based application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for validating login attempts based on user location may include (1) detecting a login attempt by a user to log into a user account, where the login attempt originates from an atypical location, (2) determining that the atypical location is inconsistent with a pattern of past login locations for the user, (3) retrieving location information that indicates a current location of the user from at least one third-party Internet resource, (4) determining, based on the location information, that the atypical location of the login attempt matches the current location of the user, and (5) trusting that the login attempt legitimately originates from the user based at least in part on the atypical location matching the current location of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for securely accessing encrypted data stores may include (1) receiving, from a data storage service, a request to permit authenticated access to an encrypted data store administered by the data storage service, the request including a cryptographic element associated with the encrypted data store that has been encrypted using a public key associated with the authentication device, (2) decrypting the cryptographic element associated with the encrypted data store using a private key associated with the authentication device, (3) encrypting the cryptographic element associated with the encrypted data store using a public key associated with a cryptographic client, and (4) transmitting the encrypted cryptographic element to the cryptographic client to enable the cryptographic client to perform cryptographic operations on the encrypted data store. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for updating possession factor credentials may include (1) detecting a request from a user of a service to designate a new object to be used by the service as a possession factor credential in place of a previously designated object, (2) prior to allowing the user to designate the new object, authenticating the user by proofing the identity of the user to verify that an alleged identity of the user is the actual identity of the user and verifying that the proofed identity of the user had possession of the previously designated object, and (3) in response to verifying that the proofed identity of the user had possession of the previously designated object, designating the new object as the possession factor credential. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for distributed rate limiting is provided. The method includes detecting, in a first communication received by an application, a suspicious behavior, the first communication having traveled through a network to the application, the detecting performed by a rate limiter coupled to the application. The method includes communicating, from a blocking analytics module associated with the application, to a blocker located in the network, information regarding an origin of the first communication. The method includes blocking, at the blocker located in the network, further communication having a same origin as the origin of the first communication.

Abstract: The disclosed computer-implemented method for updating possession factor credentials may include (1) detecting a request from a user of a service to designate a new object to be used by the service as a possession factor credential in place of a previously designated object, (2) prior to allowing the user to designate the new object, authenticating the user by proofing the identity of the user to verify that an alleged identity of the user is the actual identity of the user and verifying that the proofed identity of the user had possession of the previously designated object, and (3) in response to verifying that the proofed identity of the user had possession of the previously designated object, designating the new object as the possession factor credential. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for performing security analyses of applications configured for cloud-based platforms may include 1) identifying an online platform that hosts an online service and that is capable of hosting a plurality of third-party applications integrated with the online service and configured to operate on the online platform, 2) identifying at least one third-party application that is integrated with the online service and configured to operate on the online platform, 3) identifying metadata describing at least one characteristic of the third-party application, and 4) performing a security analysis of the third-party application based at least in part on the metadata. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for monitoring secure cloud based content are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for monitoring secure cloud based content comprising monitoring, using a browser component, a secure session accessing cloud based content, the monitoring capable of accessing content other than content requested by a user of the browser, identifying content meeting a specified criteria, and performing a specified action based at least in part on the identified content.

Abstract: A computer-implemented method for validating login attempts based on user location may include (1) detecting a login attempt by a user to log into a user account, where the login attempt originates from an atypical location, (2) determining that the atypical location is inconsistent with a pattern of past login locations for the user, (3) retrieving location information that indicates a current location of the user from at least one third-party Internet resource, (4) determining, based on the location information, that the atypical location of the login attempt matches the current location of the user, and (5) trusting that the login attempt legitimately originates from the user based at least in part on the atypical location matching the current location of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for securing authentication credentials on a client device during submission in browser-based cloud applications are disclosed. In one particular embodiment, the techniques may be realized as a method for securing authentication credentials on a client device comprising: detecting, on the client device, display of an authentication form in a browser window associated with a first flow to a target server; accessing, on the client device, one or more authentication credentials associated with a user of the client device; and submitting, to the target server, the one or more authentication credentials via a second flow to the target server.

Abstract: A computer-implemented method for validating login attempts based on user location may include (1) detecting a login attempt by a user to log into a user account, where the login attempt originates from an atypical location, (2) determining that the atypical location is inconsistent with a pattern of past login locations for the user, (3) retrieving location information that indicates a current location of the user from at least one third-party Internet resource, (4) determining, based on the location information, that the atypical location of the login attempt matches the current location of the user, and (5) trusting that the login attempt legitimately originates from the user based at least in part on the atypical location matching the current location of the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting illegitimate messages on social networking platforms may include 1) identifying a message sent via a social networking platform, 2) harvesting metadata from the social networking platform that describes a sender of the message, 3) determining, based at least in part on the metadata that describes the sender of the message, that the message is illegitimate, and 4) performing a remediation action on the message in response to determining that the message is illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for classifying applications configured for cloud-based platforms may include 1) identifying an online platform that hosts an online service and that is capable of hosting a plurality of third-party applications integrated with the online service and configured to operate on the online platform, 2) identifying at least one third-party application that is integrated with the online service and configured to operate on the online platform, 3) identifying metadata describing at least one characteristic of the third-party application, and 4) generating a classification of the third-party application based at least in part on the characteristic. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Embodiments of the present disclosure include methods (and corresponding systems and computer program products) for monitoring secured communication channels based on certificate authority impersonation. One aspect is a method comprising: intercepting a certificate transmitted by the remote server to the software application, the certificate comprising a public key; generating a first public key and a first private key pair for the intercepted certificate; replacing the public key in the intercepted certificate with the first public key; transmitting a modified intercepted certificate including the first public key to the software application in place of the intercepted certificate; and monitoring the security communication channel between the software application and the remote server, wherein the security communication channel is established based at least in part on the modified intercepted certificate.