cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 
JPC
Newcomer I

Login verification emails

Hi all,

 

I wanted to know whether anyone has implemented (and if so, what did you use to do so) a login verification service that would alert the user, by email for example, if their login originates from an unknown device/location.

 

I've seen this functionality used by Facebook and Google but can't seem to find any vendors selling software or advice on how to do it yourself!?

 

As always, thanks in advance for any help you can give.

 

2 Replies
Contributor II

Re: Login verification emails

Some IAM solutions have this functionality out of the box.  That would be worth investigating, as building your own security functionality could be complex and time consuming.

 

A couple of other approaches would be:

a) Have the user register the device they're using; it will have unique characteristics that you can fingerprint in the HTTP header

b) Use a WAF to block or alert on traffic from unusual origins; like countries your organisation doesn't trade in or delivery to.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP M.Inst.ISP
JPC
Newcomer I

Re: Login verification emails

Thanks Steve, really useful!
I'll check out some IAM solutions as first port of call.