Some embodiments provide a method for authenticating a user to access computing resources that uses transient event data regarding previous interactions of the user with the computing resources. The method receives a notification that a user is unable to provide a correct user identifier and password. The method generates authentication questions for the remote user using the transient event data. The authentication questions are presented to the user. The method authenticates the user based on answers to the password recovery questions. The user may be a remote user and the computing resources are a set of application servers to which the user has forgotten a password. The computing resources may be a portable device that the user wishes to access remotely in order to delete data from the portable device.