Block unverified login attempts

Using the enhanced security protection of our Attack Protection Policy, you can block login attempts from unverified users. Any user that attempts to log in with an email or mobile number identifier that hasn’t been confirmed is blocked.

Why is this helpful?

This feature helps to ensure that only users that have intended to sign up or register and have properly verified their correct details are allowed to log into your site. When an attempt is made and this feature is enabled, a login_unverified_identifier event type is emitted to inform you of the attempt.

block unverified flow

Users that attempt to log in with an unverified identifier, receive a message similar to the following:

Unresolved include directive in modules/ROOT/pages/block-unverified-logins.adoc - include::docs:ROOT:partial$r_error-table.adoc[]

— Error key: error.unverifiedLogin

Blocking unverified logins

You can block login attempts from unverified users with a simple operation from your ReachFive Console.


  • You must have access to the ReachFive Console.

  • You must have a Developer, Manager, or Administrator role.


  1. Go to Settings  Security  Attack protection policy.

  2. Enable the Forbid unverified identifiers login option by toggling the slider to green.

  3. Don’t forget to Save your input.

    enable block unverified logins