Account Takeover Prevention via ThisData
What does it do?
This rule is designed to detect phished or compromised user accounts and block attackers from logging in to hacked accounts. Even if the primary user authentication is approved (e.g. correct username and password), it will deny access if the login appears to be highly suspicious.
It uses ThisData's anomaly detection algorithms, which take into account many behavioral factors, including:
- Location & Velocity
- Time of day
- Tor usage
- Risky IP addresses
- And more...
This rule uses ThisData's API to get a risk score for the login, and then blocks the login by raising an UnauthorizedError if the risk is very high.
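The decision step described above, as an added example (not ThisData's or Auth0's own rule code). The `getRiskScore` wrapper, the 0.85 threshold, the `failOpen` option and all sample values are assumptions made for illustration; the remote API call is replaced by a constructed scorer so the logic runs offline.

```javascript
// Stand-in for the UnauthorizedError global provided by the Auth0 rules runtime.
class UnauthorizedError extends Error {}

// Builds a rule with the Auth0 signature (user, context, callback).
// getRiskScore(login, cb) is a hypothetical wrapper around the risk-score API call,
// injected so the decision can be exercised offline. riskLimit is a constructed
// threshold (scores assumed to lie in [0, 1]). failOpen decides what happens when
// no usable score comes back: true lets the login through, false denies it.
function makeTakeoverRule(getRiskScore, { riskLimit = 0.85, failOpen = true } = {}) {
  return function rule(user, context, callback) {
    const login = {
      ip: context.request.ip,
      userAgent: context.request.userAgent,
      userId: user.user_id,
    };
    getRiskScore(login, (err, score) => {
      if (err || typeof score !== 'number' || Number.isNaN(score)) {
        return failOpen
          ? callback(null, user, context)
          : callback(new UnauthorizedError('Risk score unavailable'));
      }
      if (score >= riskLimit) {
        return callback(new UnauthorizedError('Login blocked, risk score ' + score));
      }
      return callback(null, user, context);
    });
  };
}

// Runs a rule against a constructed login and reports 'allowed' or 'denied'.
function evaluate(rule, ip) {
  let outcome;
  const user = { user_id: 'auth0|constructed-user' };
  const context = { request: { ip, userAgent: 'constructed-agent/1.0' } };
  rule(user, context, (err) => {
    outcome = err instanceof UnauthorizedError ? 'denied' : 'allowed';
  });
  return outcome;
}

// Constructed scorer standing in for the remote service (documentation-range IPs).
function sampleScorer(login, cb) {
  if (login.ip === '203.0.113.9') return cb(null, 0.97); // anomalous login
  if (login.ip === '198.51.100.4') return cb(new Error('risk API timeout'));
  return cb(null, 0.12); // ordinary login
}

const demoRule = makeTakeoverRule(sampleScorer);
console.log(['192.0.2.10', '203.0.113.9', '198.51.100.4'].map((ip) => evaluate(demoRule, ip)));
```

With `failOpen` set to `false`, an outage of the scoring service denies every login, so the choice trades availability against letting unscored logins through.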
You will need a ThisData API Key. Sign up for a free ThisData account at https://thisdata.com/sign-up
Important: This rule should be used with the "Account Takeover Detection via ThisData" Auth0 rule, which allows you to teach our algorithms about your users. Using both rules together gives more accurate results.
Read our guide, "How to add login anomaly detection to Auth0": https://thisdata.com/blog/how-to-add-login-anomaly-detection-to-auth0/
Contact ThisData: firstname.lastname@example.org
How do I use it?
Just create a new rule in the Auth0 dashboard and copy the following code, replacing the placeholders with the appropriate values.
What is Rule-Based Authentication?
Rules can be used to enrich and transform the user profile, deny access to specific users under certain conditions, retrieve information from external services and much more. For more information about rules, please check the documentation.