Security and compliance center
Protecting user identities is the core of the ReachFive platform. This guide outlines the available features for hardening your authentication flows, detecting malicious activity, and maintaining compliance.
🛡️ Threat detection and prevention
Proactively block malicious actors and automated attacks before they compromise user accounts.
| Feature | Description |
|---|---|
| | Detect and block suspicious IPs, bot attacks, and credential stuffing attempts in real time. |
| | Automatically check user credentials against known global data breaches and force password resets if a match is found. |
| | Prevent brute-force attacks by temporarily locking accounts after repeated failed login attempts. |
| | Dynamically adjust authentication requirements based on user behavior and risk scores. |
| | Integrate captcha challenges to distinguish human users from bots during authentication flows. This includes support for both reCAPTCHA and CaptchaFox, allowing you to choose the solution that best fits your needs. |
| | Protect your tenant from abuse and denial-of-service attacks by limiting the number of requests per user or IP. |
🔐 Access control and authentication
Ensure that only the right people have access to the right accounts using multi-layered security.
- Multi-Factor Authentication (MFA): Add a layer of security via SMS, Email, or Authenticator Apps.
- Password Management: Enforce complexity, history, and expiration rules to keep user credentials strong.
- Single Sign-On (SSO): Manage SSO sessions directly from the ReachFive Console for tighter control.
- Scopes & Permissions: Limit the access level of applications and users to specific resources.
- PKCE Flow: Secure your mobile and single-page applications against authorization code interception.
👁️ Observability and auditing
Track every change and access event within your ReachFive Console and tenant.
- Audit Logs: A complete history of administrator actions and API events for forensic analysis.
- Security Webhooks: Subscribe to real-time events like `login_failed` or `account_locked` to trigger internal alerts.
📜 Compliance and data privacy
Tools to help you meet GDPR, CCPA, and other regulatory requirements.
- Consents: Version and track user consents for terms of service and privacy policies.
- Consent groups: Manage consent groups to align with different regulatory frameworks.
- Double opt-in consents: Implement double opt-in flows to ensure valid user subscriptions.
Need to report a vulnerability? If you have found a security issue with the ReachFive platform, please contact our security team immediately at security@reachfive.com.