Key Takeaways from the 58 Group Technical Salon on Account System Practices and Security
The 58 Group Technical Salon on April 23, 2019 presented a comprehensive overview of account system design, risk control, gateway authentication, multi‑active data synchronization, overseas account handling, cloud account platform capabilities, and security strategies, offering practical insights for building robust and secure user authentication infrastructures.
On April 23, 2019, the 58 Group Technical Salon (Session 10) titled “Account System Technical Practice” was held at the Beijing headquarters, organized by the Technology Engineering Platform and HR Magic Academy, featuring guests from leading internet companies sharing their account system and security practices.
1. Account System Practice Overview
The account system is a fundamental feature for internet products, aiming to provide simple, convenient account functions and reliable security capabilities. Various companies have done extensive work on account security risk control, gateway authentication, multi‑active deployment, and overseas account systems.
Account Security Risk Control
With rapid platform growth and increasing account value, security becomes critical. Threat actors use credential stuffing, brute‑force attacks, and other methods to compromise platforms. The group’s risk‑control system, built by the risk‑control department, monitors environment, device, user information, and behavior to detect anomalies, outputs risk descriptions and scores, and supports decision‑making based on accuracy, recall, and conversion metrics.
Gateway Authentication
The gateway service provides load balancing, permission management, routing, service discovery, behavior logging, and authentication. Business services can validate login tickets and retrieve user information by integrating with the gateway.
Figure 1: Gateway System Diagram
Multi‑Active Deployment Across Regions
Data center architecture has evolved from single‑site to same‑city multi‑active and now to cross‑region multi‑active, enabling services to be provided from multiple data centers for high availability, improved user experience, and disaster recovery.
The design includes selective multi‑active for core business systems, eventual consistency for most data, and high‑speed cache for near‑real‑time cross‑region synchronization. Intelligent routing directs users to the nearest service center, and automatic failover ensures seamless access.
Figure 2: Multi‑Active Data Synchronization Diagram
Overseas Account System
Both domestic and overseas accounts are provided by the central account team. Due to legal constraints, overseas sites build local IDCs and isolate their data from domestic systems. Challenges include customizing workflows for each country and high translation costs for technical documentation.
2. Cloud Account System Practice
The Cloud Account System is 58 Group’s unified account platform that consolidates basic account capabilities and security functions, offering a unified SDK for external integration.
Figure 3: Account System Architecture
Independent account systems can host their data on the cloud platform, reusing its capabilities while maintaining data isolation. This eliminates duplicate development, provides unified security, and supports account merging and inter‑system linking.
Figure 4: Cloud Account System Capabilities
The cloud platform enables account merging without data loss, reduces system redundancy, unifies security across linked accounts, and allows single‑sign‑on through a unified authorization flow.
Figure 5: Cloud‑Based Account Linking Diagram
By authorizing the linking of accounts from Site A and Site B on the cloud platform, users can achieve seamless joint login without any changes to the business systems.
3. 58 Account Security System Construction
The security team addresses login, registration, and authentication threats by developing custom security strategies and challenge tools, integrating with the group’s risk‑control capabilities.
Figure 6: Account Security System Overview
Strategy Platform
The platform integrates security detection tools for registration (detecting fake or bulk registrations), login (detecting credential stuffing or brute‑force), device security, and user profiling based on massive data analysis and machine‑learning models. It aggregates results to produce a security level and outcome.
Attack Handling Platform
The platform provides real‑time and offline processing as well as alert capabilities. Business teams can choose appropriate actions, such as issuing challenges for high‑risk logins, tagging malicious registrations, or sending SMS alerts to users.
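An added example (not 58 Group's code) of the flow described under Strategy Platform and Attack Handling Platform: login events are checked for credential stuffing and brute force, the signals are aggregated into a level, and the level is mapped to an action. The event format, window, thresholds and action names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

WINDOW_S = 300         # assumed look-back window, in seconds
STUFFING_ACCOUNTS = 4  # assumed: distinct accounts failed from one source IP
BRUTE_FAILURES = 5     # assumed: failed logins against one account

# Constructed events: (timestamp_s, source_ip, account, login_succeeded)
EVENTS = (
    [(t, "203.0.113.7", f"u{i}", False) for i, t in enumerate((0, 10, 20, 30), 1)]
    + [(40, "203.0.113.7", "u5", True)]    # success from a source that sprays accounts
    + [(50, "192.0.2.1", "bob", True),
       (60, "192.0.2.1", "carol", False),  # ordinary mistyped password
       (70, "192.0.2.1", "carol", True)]
    + [(t, "198.51.100.9", "alice", False) for t in (100, 110, 120, 130, 140)]
)

def assess(events):
    """Score events in time order; return a list of (event, level, action)."""
    by_ip = defaultdict(deque)       # ip -> recent failures as (ts, account)
    by_account = defaultdict(deque)  # account -> recent failures as (ts, ip)
    results = []
    for ts, ip, account, ok in sorted(events):
        # Expire failures that fell out of the look-back window.
        for q in (by_ip[ip], by_account[account]):
            while q and ts - q[0][0] > WINDOW_S:
                q.popleft()
        if not ok:
            by_ip[ip].append((ts, account))
            by_account[account].append((ts, ip))
        # Credential stuffing: one source failing against many distinct accounts.
        stuffing = len({a for _, a in by_ip[ip]}) >= STUFFING_ACCOUNTS
        # Brute force: many failures against a single account.
        brute = len(by_account[account]) >= BRUTE_FAILURES
        level = "high" if (stuffing or brute) else "low"
        if level == "high" and ok:
            action = "challenge+sms_alert"  # login succeeded amid an attack pattern
        elif level == "high":
            action = "challenge"
        else:
            action = "allow"
        results.append(((ts, ip, account, ok), level, action))
    return results

if __name__ == "__main__":
    for event, level, action in assess(EVENTS):
        print(event, level, action)
```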
Challenge Open Platform
The platform offers a variety of challenge mechanisms accessible via server‑side, JS‑SDK, or APP‑SDK integrations.
Data Collection and Analysis System
The system collects historical logs and real‑time data to analyze users, network environments, and devices, supplying foundational data for other modules and evaluating strategy effectiveness (accuracy, recall) for model optimization.
Conclusion
The salon highlighted common practices and unique strengths in account system construction and security across companies. Participants emphasized the balance between stability, security, and user experience, and expressed interest in future collaborations to further share practical experiences.
58 Tech
Official tech channel of 58, a platform for tech innovation, sharing, and communication.