Hi all,
I wanted to know whether anyone has implemented (and if so, what did you use to do so) a login verification service that would alert the user, by email for example, if their login originates from an unknown device/location.
I've seen this functionality used by Facebook and Google but can't seem to find any vendors selling software or advice on how to do it yourself!?
As always, thanks in advance for any help you can give.
J
Some IAM solutions have this functionality out of the box. That would be worth investigating, as building your own security functionality could be complex and time consuming.
A couple of other approaches would be:
a) Have the user register the device they're using; it will have unique characteristics that you can fingerprint in the HTTP header
b) Use a WAF to block or alert on traffic from unusual origins; like countries your organisation doesn't trade in or delivery to.