Block unverified login attempts

Using the enhanced security protection of our Attack Protection Policy, you can block login attempts from unverified users. Any user that attempts to log in with an email or mobile number identifier that hasn’t been confirmed is blocked.

Why is this helpful?

This feature helps to ensure that only users that have intended to sign up or register and have properly verified their correct details are allowed to log into your site.

block unverified flow

Users that attempt to log in with an unverified identifier, receive a message similar to the following:

Unverified identifier account. To login, please verify your identifier with the email or the SMS that you received.

The error key is error.unverifiedLogin.

Blocking unverified logins

You can block login attempts from unverified users with a simple operation from your ReachFive Console.


  • You must have access to the ReachFive Console.

  • You must have a Developer, Manager, or Administrator role.


  1. Go to Settings  Security  Attack protection policy.

  2. Enable the Forbid unverified identifiers login option by toggling the slider to green.

  3. Don’t forget to Save your input.

    enable block unverified logins