https://community.isc2.org/t5/Tech-Talk/Login-verification-emails/m-p/24084#M1432 Thanks Steve, really useful!<BR />I'll check out some IAM solutions as first port of call. Sun, 23 Jun 2019 09:20:22 GMT JPC 2019-06-23T09:20:22Z https://community.isc2.org/t5/Tech-Talk/Login-verification-emails/m-p/23996#M1412 <P>Hi all,</P><P>&nbsp;</P><P>I wanted to know whether anyone has implemented (and if so, what did you use to do so) a login verification service that would alert the user, by email for example, if their login originates from an unknown device/location.</P><P>&nbsp;</P><P>I've seen this functionality used by Facebook and Google but can't seem to find any vendors selling software or advice on how to do it yourself!?</P><P>&nbsp;</P><P>As always, thanks in advance for any help you can give.</P><P>&nbsp;</P><P>J&nbsp;</P> Thu, 20 Jun 2019 22:13:34 GMT https://community.isc2.org/t5/Tech-Talk/Login-verification-emails/m-p/23996#M1412 JPC 2019-06-20T22:13:34Z https://community.isc2.org/t5/Tech-Talk/Login-verification-emails/m-p/24008#M1414 <P>Some IAM solutions have this functionality out of the box.&nbsp; That would be worth investigating, as building your own security functionality could be complex and time consuming.</P><P>&nbsp;</P><P>A couple of other approaches would be:</P><P>a) Have the user register the device they're using; it will have unique characteristics that you can fingerprint in the HTTP header</P><P>b) Use a WAF to block or alert on traffic from unusual origins; like countries your organisation doesn't trade in or delivery to.</P> Fri, 21 Jun 2019 07:16:48 GMT https://community.isc2.org/t5/Tech-Talk/Login-verification-emails/m-p/24008#M1414 Steve-Wilme 2019-06-21T07:16:48Z https://community.isc2.org/t5/Tech-Talk/Login-verification-emails/m-p/24084#M1432 Thanks Steve, really useful!<BR />I'll check out some IAM solutions as first port of call. Sun, 23 Jun 2019 09:20:22 GMT https://community.isc2.org/t5/Tech-Talk/Login-verification-emails/m-p/24084#M1432 JPC 2019-06-23T09:20:22Z