There are a number of different login behaviors that could be considered suspicious. Some are higher risk than others. For example, a user logging in at an unusual time of day is a low-risk anomaly. A more threatening anomaly would be dozens of failed login attempts in a very short time. This is called a brute force attack: the attacker systematically attempts different passwords to gain access to an account, often using automated software.
Other potentially suspicious behaviors include logging in from an unrecognized device, accessing from an unusual location, using Tor network, and various other login activities that emerge as outliers from normal usage.
Applications can also be jeopardized by third party security breaches such as mass password leaks. Breached password detection notifies users when their credentials are leaked by a data breach of a third party. Users should always reset their passwords if their credentials may be compromised.
Auth0 offers a layered approach to security with detection and response tools. Auth0 can detect suspicious activity from bots, or login attempts that come at unusual velocities (the number of times a pair of credentials is tried per unit of time), if a particular account is the target of brute forcing, or even if a login attempt is made with credentials known to be stolen in a data breach.
These features also allow you to place friction when the signals indicate a login attempt could be risky. The types of friction include,
Each of these features can be enabled in the Auth0 dashboard or using the management API. Learn more by reading Auth0’s Attack Protection documentation.
Detecting unusual or alarming login behavior is vital when protecting your users. If you want to try the benefits of easy, customizable attack protection, sign up for Auth0’s free, production-ready plan to get started.