Set Attack Protection Preferences
Enable, disable, and customize Attack Protection settings in the Dashboard.

Bot detection preferences
Bot detection mitigates scripted attacks, sometimes called credential stuffing attacks, by detecting when a request is likely to be coming from a bot. It is enabled by default for all connections and provides a basic level of protection against certain attacks while adding very little friction for legitimate users. When such an attack is detected, a CAPTCHA step is displayed in the login experience to eliminate bot and scripted traffic.
Configure CAPTCHA
Select Bot Detection.
Choose whether you wish to use simple CAPTCHA provided by Auth0, or Google reCAPTCHA (requires external setup and registration).
If you choose simple CAPTCHA, you are done.
If you choose Google's reCAPTCHA, enter the Site Key and Site Secret that you obtained when you registered your app with Google.
Click Save.
Enable or disable bot detection
Select Bot Detection.
Locate the switch at the top of the page and toggle it.
Suspicious IP throttling preferences
Suspicious IP throttling is enabled by default for all connections. When enabled, you can customize the suspicious IP throttling policies, including changing the threat threshold that triggers throttling, creating a list of trusted IP addresses from which your users can always access your resources, and enabling or disabling email notifications to administrators.
Customize throttling policies
Select Suspicious IP Throttling.
Locate the Response section, and select Block Suspicious Logins and IP AllowList.
Limit high-velocity traffic by toggling the corresponding switch.
View the current Threat Threshold and contact our support team to adjust it.
Avoid erroneously triggering throttling by adding IP addresses to the IP AllowList.
Click Save.
Enable or disable notifications
Select Suspicious IP Throttling.
Locate the Notifications section, and toggle the switch.
Enable or disable suspicious IP throttling
Auth0 strongly recommends that you do not disable suspicious IP throttling for the connection; however, you can both disable and enable it using the Dashboard.
Select Suspicious IP Throttling.
Locate the switch at the top of the page and toggle it.
Brute-force protection preferences
Brute-force protection is enabled by default for all connections. When enabled, you can customize the brute-force protection response, including changing the threat threshold that triggers blocking, creating a list of trusted IP addresses from which your users can always access your resources, and enabling or disabling email notifications to affected users.
Customize brute-force protection response
Select Brute-force Protection.
Locate the Response section, and select Block users and define your threshold for acceptable risk.
Block brute force logins by toggling the corresponding switch.
View the current Threat Threshold and contact our support team to adjust it.
Avoid erroneously triggering blocking by adding IP addresses to the IP AllowList.
Click Save.
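Addresses on the IP AllowList are exempt from suspicious IP throttling and brute-force blocking, so review each entry before saving either list. The following check is an added example, not Auth0 code: `audit_allowlist`, the reason codes, and the prefix thresholds are hypothetical, and it assumes entries are single addresses or CIDR ranges.

```python
import ipaddress

# Assumed review thresholds for this example (not Auth0 limits):
# any range wider than /24 (IPv4) or /64 (IPv6) needs a human decision.
MIN_PREFIX = {4: 24, 6: 64}
# Private, loopback and link-local ranges are never the public source
# address of a login request, so listing them is almost always a mistake.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

def _covers(outer, inner):
    """True when inner lies entirely inside outer (same IP version only)."""
    return outer.version == inner.version and inner.subnet_of(outer)

def audit_allowlist(entries):
    """Split candidate entries into (accepted, findings).

    accepted: normalized, de-duplicated entries ready to paste into the list.
    findings: (entry, reason) pairs to resolve before anything is saved.
    """
    accepted, findings, seen = [], [], []
    for raw in entries:
        entry = raw.strip()
        try:
            # strict=True rejects "203.0.113.7/24" (host bits set), a common
            # typo that silently exempts a whole /24 instead of one host.
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError:
            findings.append((entry, "invalid"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            findings.append((entry, "too-broad"))
        elif any(_covers(r, net) for r in NON_ROUTABLE):
            findings.append((entry, "non-routable"))
        elif any(_covers(s, net) for s in seen):
            findings.append((entry, "duplicate"))
        else:
            seen.append(net)
            single = net.num_addresses == 1
            accepted.append(str(net.network_address) if single else str(net))
    return accepted, findings

if __name__ == "__main__":
    # Constructed sample input using documentation address ranges.
    sample = ["198.51.100.10", " 203.0.113.0/28 ", "203.0.113.7/24",
              "10.1.2.3", "198.51.0.0/16", "203.0.113.4", "not-an-ip"]
    ok, review = audit_allowlist(sample)
    print("accepted:", ok)
    for entry, reason in review:
        print(f"review  : {entry!r} ({reason})")
```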
Enable or disable notifications
Select Brute-force Protection.
Locate the Notifications section, and toggle the switch.
Enable or disable brute-force protection
Auth0 strongly recommends that you do not disable brute-force protection for the connection; however, you can both disable and enable it using the Dashboard.
Select Brute-force Protection.
Locate the switch at the top of the page and toggle it.
Breached password detection preferences
When enabled, you can customize breached password detection preferences, including blocking compromised user accounts and enabling or disabling email notifications to administrators and affected users.
Customize breached password detection response
Select Breached Password Detection.
Locate the Response section, and block compromised user accounts by toggling the corresponding switch.
Enable or disable affected user notifications
Select Breached Password Detection.
Locate the Notifications section, and toggle the switch.
Configure administrator notifications
Select Breached Password Detection.
Locate the Notifications section, and select Send notifications to account administrators.
Choose Notification frequency, and select Save.
Enable or disable breached password detection
Select Breached Password Detection.
Locate the switch at the top of the page and toggle it.