摘要 |
In order to suppress successful user authentication by another person even if user information become known to the other person, provided is a user authentication system including: an authentication information acquisition unit (20) that obtains an input password for a user; a user authentication unit (22) that performs user authentication on the basis of the input password; and an authentication procedure alternation unit (28) that changes the user authentication procedure used by the user authentication unit (22), in the event of failed user authentication and the password matching or being similar to a password candidate on the basis of user-related information, in accordance with whether or not the genuine password for the user and the password candidate match or a similar. |