Block unverified login attempts
Using the enhanced security protection of our Attack Protection Policy, you can block login attempts from unverified users. Any user that attempts to log in with an email or mobile number identifier that hasn’t been confirmed is blocked.
Protect against unwanted logins
You can block login attempts from unverified users with a simple operation from your ReachFive Console. You can also specify which identifiers are even allowed to attempt a login in the first place.
Prerequisites
-
You must have access to the ReachFive Console.
-
You must have a Developer, Manager, or Administrator role.
Specify allowed identifiers
-
Go to
. -
Toggle which identifiers you want to be able to attempt to log in to your site. Those that are not enabled will no longer be able to attempt logins.
-
Email
-
Phone Number
-
Custom identifier
-
-
Don’t forget to Save your input..
Block unverified logins
You can block unverified logins with this feature. There are two options:
-
Forbid unverified identifiers login: When enabled, it blocks unverified login attempts after the initial signup and login.
-
Forbid unverified identifiers login after signup: When enabled, it blocks unverified login attempts even at signup.
When Forbid unverified identifiers login after signup is enabled:
-
Signup endpoints do not issue tokens when identifiers are unverified:
-
The Core SDK
signup
method returns anAuthResult
without an access token or redirect in this case. -
The UI SDK
showAuth
method displays an overridable message (signup.awaiting.identifier.verification
) telling users to verify their identifier.-
A new
isIdentifierVerificationRequired
field is included in thesignupEvent
callback to simplify flow handling.
-
-
Go to
. -
Enable the Forbid unverified identifiers login option by toggling the slider to green.
-
If desired, you can also enable the Forbid unverified identifiers login after signup option by toggling the slider to green.
-
Don’t forget to Save your input.
-