This repository has been archived by the owner on Feb 18, 2019. It is now read-only.
With signin unblock we added the ability for users to click a link with the text "if this wasn't you, report this login." If a user clicks the link, the signin confirmation code is invalidated, and we have a signal that can be fed back into our security infrastructure and monitoring. For example, if a sufficient number of clicks occur over a given time period, an alert could be sent to Ops for further investigation. The IP address used to sign in could also be placed on the naughty list on the customs server and fed back to the IP reputation system. If the same IP address is used for multiple login attempts, the IP address could be blocked.
We only added the initial link to the signin unblock email. This same functionality could also be added to other transactional emails like signin confirmation, password reset, signin from a new device, and even password changed.
Both signin confirmation and password reset contain codes that could immediately be invalidated. With the other two emails, we know the user's account password has been compromised - we already suggest the user change their password. In addition, we could disconnect the session that was reported.
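The report-login flow sketched in the issue, as an added example that is not code from the issue or the project: each click invalidates the pending signin confirmation code exactly once (so repeated clicks on the same link cannot inflate the counters), feeds a sliding-window counter that raises an Ops alert, and tallies reports per source IP so a repeatedly reported address can be handed to the customs blocklist. The thresholds, class and method names are assumptions; the stores are in-memory stand-ins for the auth server's database.

```python
import time
from collections import defaultdict, deque

# Tunables are constructed placeholders, not values from the issue.
REPORT_WINDOW_SECONDS = 3600   # sliding window for counting "wasn't me" clicks
ALERT_THRESHOLD = 5            # clicks in the window that raise an Ops alert
IP_BLOCK_THRESHOLD = 3         # reports against one IP before it is blocked


class LoginReportHandler:
    """Handles 'if this wasn't you, report this login' clicks (constructed example)."""

    def __init__(self, now=time.time):
        self.now = now                     # injectable clock so the window can be tested
        self.pending_codes = {}            # code -> {"uid": ..., "ip": ...}
        self.report_times = deque()        # timestamps of accepted reports, oldest first
        self.reports_by_ip = defaultdict(int)
        self.blocked_ips = set()
        self.alerts = []                   # what would be sent to Ops

    def issue_code(self, code, uid, ip):
        """Record a signin confirmation code together with the IP that triggered it."""
        self.pending_codes[code] = {"uid": uid, "ip": ip}

    def confirm(self, code):
        """Consume a code; returns False if it was already used or reported."""
        return self.pending_codes.pop(code, None) is not None

    def report_login(self, code):
        """Invalidate the code, then feed the report into the monitoring signals."""
        entry = self.pending_codes.pop(code, None)
        if entry is None:                  # unknown or already-invalidated code: no signal
            return {"invalidated": False, "alert": False, "blocked_ip": None}
        ts = self.now()
        self.report_times.append(ts)
        while ts - self.report_times[0] > REPORT_WINDOW_SECONDS:   # drop reports outside the window
            self.report_times.popleft()
        ip = entry["ip"]
        self.reports_by_ip[ip] += 1
        alert = len(self.report_times) >= ALERT_THRESHOLD
        if alert:
            self.alerts.append({"at": ts, "reports_in_window": len(self.report_times)})
        blocked_ip = None
        if self.reports_by_ip[ip] >= IP_BLOCK_THRESHOLD:
            self.blocked_ips.add(ip)       # would be handed to the customs server / IP reputation
            blocked_ip = ip
        return {"invalidated": True, "uid": entry["uid"], "alert": alert, "blocked_ip": blocked_ip}

    def is_ip_blocked(self, ip):
        return ip in self.blocked_ips
```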