Computerized systems and methods facilitate detection of anomalous activity during the authentication of login attempts. When a login attempt is made, credentials (e.g., a username and password) are provided. A function call is made to check for anomalous activity. A count of unique usernames attempted during a given time period is compared against a unique username threshold. In some embodiments, a count of login attempts for the current username is also compared against a login attempt threshold. If either (or both) threshold is met or exceeded, an abnormal state is returned, and one or more enhanced authentication requirements are invoked. Alternatively, a normal state is returned, and the credentials are validated. If the login attempt is successful, the username is removed from consideration for anomalous activities checks for other login attempts.