Abstract: A gamified challenge is presented to a user communicating with a website when the user is suspected of being a bot. The gamified challenge consists of a dynamic sequence of animated geometric objects displayed in an order that the user has to interact with within an allotted amount of time. The complexity of the gamified challenge increases when the challenge is failed and when features extracted from the user session indicate a high level of suspicion that the gamified challenge is performed by a non-human user.

Abstract: Suspicious credential changes are automatically detected and mitigated. A comparison of data surrounding user-account credential changes with suspicious change patterns forms a basis for detecting suspicious credential changes. More particularly, if a credential change substantially matches a known suspicious change pattern, the credential change can be flagged as suspicious. After a credential change is determined to be suspicious, one or more mitigation activities can be triggered to allay adverse effects associated with a suspicious credential change.

Abstract: According to examples, an apparatus may include a processor and a computer readable medium on which is stored machine readable instructions that may cause the processor to determine a call duration threshold assigned to an entity, in which a phone number may be associated with the entity. The processor may also track durations of one or more calls placed to the phone number, determine whether the tracked durations of the one or more calls placed to the phone number meet or exceed the call duration threshold, and based on a determination that the tracked durations meet or exceed the call duration threshold, throttle placement of an additional call to the phone number.

Abstract: According to examples, an apparatus may include a processor and a computer readable medium on which is stored machine readable instructions that may cause the processor to determine a call duration threshold assigned to an entity, in which a phone number may be associated with the entity. The processor may also track durations of one or more calls placed to the phone number, determine whether the tracked durations of the one or more calls placed to the phone number meet or exceed the call duration threshold, and based on a determination that the tracked durations meet or exceed the call duration threshold, throttle placement of an additional call to the phone number.

Abstract: A sign-in system can be protected against enumeration attacks while providing an improved sign-in experience for legitimate users by disclosing whether or not an account exists. An account within a specified domain can be identified by an account identifier such as a username. Before a threshold throttling value is reached, account existence/non-existence information can be provided in response to an access request. In response to reaching or exceeding a specified threshold throttling value, account existence/non-existence information can cease to be provided. Entering a valid account identifier/authenticating credential credentials pair provides access to the computer system regardless of whether or not the threshold was reached or exceeded or not reached.

Abstract: Suspicious credential changes are automatically detected and mitigated. A comparison of data surrounding user-account credential changes with suspicious change patterns forms a basis for detecting suspicious credential changes. More particularly, if a credential change substantially matches a known suspicious change pattern, the credential change can be flagged as suspicious. After a credential change is determined to be suspicious, one or more mitigation activities can be triggered to allay adverse effects associated with a suspicious credential change.

Abstract: A sign-in system can be protected against enumeration attacks while providing an improved sign-in experience for legitimate users by disclosing whether or not an account exists. An account within a specified domain can be identified by an account identifier such as a username. Before a threshold throttling value is reached, account existence/non-existence information can be provided in response to an access request. In response to reaching or exceeding a specified threshold throttling value, account existence/non-existence information can cease to be provided. Entering a valid account identifier/authenticating credential credentials pair provides access to the computer system regardless of whether or not the threshold was reached or exceeded or not reached.