Login

Protect Your Users with Attack Protection

Learn about attack protection and how you can shield your app from suspicious login activity.

anomaly-detection

What is Attack Protection?

Attack Protection is a collection of features that (1) identify patterns in login behavior that do not resemble what is considered normal in a particular context, and (2) implement controls to place friction in the login experience to increase the cost for potential attackers and bad actors. The identification of patterns and placing of controls can take a variety of forms and flavors. For instance, outlier patterns during login can be in the form of a login attempt from a place or device never seen before for a particular user. Controls, for example, can take the form of login challenges (such as MFA) or CAPTCHA. Have you ever received an email asking “was this you?” after logging into a website on a new computer or mobile phone? This is the result of attack protection. The site detects a device you’ve never logged in from before and requests verification from you to ensure that someone else isn’t using your credentials maliciously.

Identifying Suspicious Activity

There are a number of different login behaviors that could be considered suspicious. Some are higher risk than others. For example, a user logging in at an unusual time of day is a low-risk anomaly. A more threatening anomaly would be dozens of failed login attempts in a very short time. This is called a brute force attack: the attacker systematically attempts different passwords to gain access to an account, often using automated software.

Other potentially suspicious behaviors include logging in from an unrecognized device, accessing from an unusual location, using Tor network, and various other login activities that emerge as outliers from normal usage.

Applications can also be jeopardized by third party security breaches such as mass password leaks. Breached password detection notifies users when their credentials are leaked by a data breach of a third party. Users should always reset their passwords if their credentials may be compromised.

Implementing Attack Protection with Auth0

Auth0 provides easy-to-use attack protection features. These features can be configured to detect different anomalous patterns during login transactions and notify an application owner, or take specific actions to protect an end user account.

Attack Protection Features

Auth0 offers a layered approach to security with detection and response tools. Auth0 can detect suspicious activity from bots, or login attempts that come at unusual velocities (the number of times a pair of credentials is tried per unit of time), if a particular account is the target of brute forcing, or even if a login attempt is made with credentials known to be stolen in a data breach.
These features also allow you to place friction when the signals indicate a login attempt could be risky. The types of friction include,

  • Blocking a login attempt
  • Requiring a user to complete CAPTCHA
  • Requiring that the user completes an extra step, such as an email verification, or an MFA challenge such as a code sent to the user’s phone via SMS

Each of these features can be enabled in the Auth0 dashboard or using the management API. Learn more by reading Auth0’s Attack Protection documentation.

Protect Your Users with Auth0

Detecting unusual or alarming login behavior is vital when protecting your users. If you want to try the benefits of easy, customizable attack protection, sign up for Auth0’s free, production-ready plan to get started.
Auth0

Sign up for free

Start building today and secure your apps with the Auth0 identity platform today.

3D login box