Login Protection
The Login Protection API for is used at the time of customer login to prevent unauthorized users from accessing a user's account, conducting malicious activity at the time of login and gaining access to PII, payment data and other account related assets.
There are a number of ways you can utilize the login protection offered by this API. The Login Protection API can be used to enforce the following scenarios:
- Account take over (ATO): To prevent incidents where fraudsters use stolen credentials to try and gain access user accounts, to data theft, fraud, and brand damage.
- MFA Optimization: enhances multi-factor authentication (MFA) by reducing friction for legitimate users while strengthening security against fraud.
- Credential Stuffing & Bot Protection: safeguards accounts from automated attacks where fraudsters use stolen username-password pairs to gain unauthorized access. Credential stuffing exploits reused credentials from data breaches, while bots automate login attempts at scale.
- Extended Session: allows users to stay logged in for a longer period without needing to re-authenticate, improving convenience and user experience. #see separate subsection
Updated about 1 month ago