Block unverified login attempts

Using the enhanced security protection of our Attack Protection Policy, you can block login attempts from unverified users. Any user that attempts to log in with an email or mobile number identifier that hasn’t been confirmed is blocked.

Why is this helpful?

This feature helps to ensure that only users that have intended to sign up or register and have properly verified their correct details are allowed to log into your site. When an attempt is made and this feature is enabled, a login_unverified_identifier event type is emitted to inform you of the attempt.

block unverified flow

Users that attempt to log in with an unverified identifier, receive a message similar to the following:

Unverified identifier account. To login, please verify your identifier with the email or the SMS that you received.

— Error key: error.unverifiedLogin

Users that attempt to log in with an unapproved identifier, receive a message similar to the following:

You cannot authenticate using {0}

— Error key: error.invalidLoginType

Protect against unwanted logins

You can block login attempts from unverified users with a simple operation from your ReachFive Console. You can also specify which identifiers are even allowed to attempt a login in the first place.

Prerequisites

  • You must have access to the ReachFive Console.

  • You must have a Developer, Manager, or Administrator role.

Specify allowed identifiers

  1. Go to Settings  Attack protection policy  Allowed identifiers.

  2. Toggle which identifiers you want to be able to attempt to log in to your site. Those that are not enabled will no longer be able to attempt logins.

    • Email

    • Phone Number

    • Custom identifier

  3. Don’t forget to Save your input..

    allowed identifiers login

Block unverified logins

  1. Go to Settings  Security  Attack protection policy.

  2. Enable the Forbid unverified identifiers login option by toggling the slider to green.

  3. Don’t forget to Save your input.

    enable block unverified logins