Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
JPC
Newcomer I
‎06-20-2019 06:13 PM
‎06-20-2019 06:13 PM

Login verification emails

Hi all,

 

I wanted to know whether anyone has implemented (and if so, what did you use to do so) a login verification service that would alert the user, by email for example, if their login originates from an unknown device/location.

 

I've seen this functionality used by Facebook and Google but can't seem to find any vendors selling software or advice on how to do it yourself!?

 

As always, thanks in advance for any help you can give.

 

Reply
0 Kudos
2 Replies
Steve-Wilme
Advocate II
‎06-21-2019 03:16 AM
‎06-21-2019 03:16 AM

Some IAM solutions have this functionality out of the box.  That would be worth investigating, as building your own security functionality could be complex and time consuming.

 

A couple of other approaches would be:

a) Have the user register the device they're using; it will have unique characteristics that you can fingerprint in the HTTP header

b) Use a WAF to block or alert on traffic from unusual origins; like countries your organisation doesn't trade in or delivery to.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Reply
JPC
Newcomer I
‎06-23-2019 05:20 AM
‎06-23-2019 05:20 AM

Thanks Steve, really useful!
I'll check out some IAM solutions as first port of call.
Reply
0 Kudos