Protect Your Users with Attack Protection
Learn about attack protection and how you can shield your app from suspicious login activity.
What is Attack Protection?
Identifying Suspicious Activity
There are a number of different login behaviors that could be considered suspicious. Some are higher risk than others. For example, a user logging in at an unusual time of day is a low-risk anomaly. A more threatening anomaly would be dozens of failed login attempts in a very short time. This is called a brute force attack: the attacker systematically attempts different passwords to gain access to an account, often using automated software.
Other potentially suspicious behaviors include logging in from an unrecognized device, accessing the app from an unusual location, using the Tor network, and various other login activities that emerge as outliers from normal usage.
Applications can also be jeopardized by third-party security breaches such as mass password leaks. Breached password detection notifies users when their credentials are leaked in a third-party data breach. Users should always reset their passwords if their credentials may be compromised.
Implementing Attack Protection with Auth0
Attack Protection Features
Auth0 offers a layered approach to security with detection and response tools. It can detect suspicious activity from bots, login attempts that arrive at unusual velocities (the number of times a pair of credentials is tried per unit of time), brute forcing aimed at a particular account, and login attempts made with credentials known to have been stolen in a data breach.
These features also let you add friction when the signals indicate that a login attempt could be risky. The types of friction include:
- Blocking a login attempt
- Requiring a user to complete CAPTCHA
- Requiring that the user completes an extra step, such as an email verification, or an MFA challenge such as a code sent to the user’s phone via SMS
Each of these features can be enabled in the Auth0 dashboard or using the management API. Learn more by reading Auth0’s Attack Protection documentation.
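To make the velocity signal and the graduated friction concrete, here is an added example (not Auth0's implementation or code from this page) of a per-account sliding-window counter that escalates from allowing a login, to requiring CAPTCHA, to blocking. The class and function names, the 60-second window, and the thresholds of 3 and 10 failures are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

class VelocityMonitor:
    """Sliding-window count of failed logins per account (thresholds are assumed values)."""

    def __init__(self, window=60, captcha_after=3, block_after=10):
        self.window, self.captcha_after, self.block_after = window, captcha_after, block_after
        self._failures = defaultdict(deque)  # account -> timestamps of recent failures

    def _recent(self, account, now):
        # Normalise the identifier so case variants share one counter.
        q = self._failures[account.strip().lower()]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop failures that have aged out of the window
        return q

    def decide(self, account, now):
        """Friction to apply to an attempt arriving at time `now` (seconds)."""
        n = len(self._recent(account, now))
        if n >= self.block_after:
            return "block"
        if n >= self.captcha_after:
            return "captcha"
        return "allow"

    def record(self, account, now, success):
        q = self._recent(account, now)
        if success:
            q.clear()  # a successful login resets the account's counter
        else:
            q.append(now)

def replay(events, monitor=None):
    """Return the decision made for each (timestamp, account, success) event."""
    monitor = monitor or VelocityMonitor()
    decisions = []
    for ts, account, success in events:
        decision = monitor.decide(account, ts)
        decisions.append(decision)
        if decision != "block":  # blocked attempts never reach the credential check
            monitor.record(account, ts, success)
    return decisions

# Constructed sample: 12 rapid failures on one account, a normal user, a later retry.
SAMPLE_EVENTS = (
    [(t, "Alice@example.com", False) for t in range(12)]
    + [(20, "bob@example.com", False), (25, "bob@example.com", True),
       (75, "alice@example.com", True)]
)

if __name__ == "__main__":
    for event, decision in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", decision)
```

The counter is keyed by account only, so it covers the single-account brute force case described above; spotting one source trying many accounts would need a second counter keyed by source.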
Protect Your Users with Auth0
Detecting unusual or alarming login behavior is vital when protecting your users. If you want to try the benefits of easy, customizable attack protection, sign up for Auth0’s free, production-ready plan to get started.
