Data Breach Detection
Our Data Breach Detection feature enhances your security by identifying leaked passwords before they lead to unauthorized access on your site. The feature actively scans for known leaked credentials and cross-references them with attempts to sign in, sign up, or update a password. When a leaked password is detected, authentication is automatically suspended (if configured), preventing potential security risks.
You can enable the protection directly in your ReachFive Console to add protection around:
Sign up
When a user attempts to sign up with a leaked password, the sign up flow fails, telling the user that his or her password is too weak. This ensures that no one can sign up with a known leaked password.
To enable data breach detection for sign up:
- In your ReachFive Console, go to .
- Under the Sign up section, toggle on the feature.
- Don’t forget to Save your input.
Sign in
When a user attempts to sign in with a leaked password, the user is sent an email or SMS (if enabled), depending on which identifier the user attempted to sign in with.
You can also suspend the user with the suspension reason set to leakedCredentialsUsage.
- In your ReachFive Console, go to .
- Under the Sign in section, toggle on the feature. For Sign in, you can choose to notify the user and/or suspend the user.
- Don’t forget to Save your input.
Leaked Credentials Notification
Sent to user when they attempt to sign in with leaked credentials
This template should be used to notify users that they attempted to sign in with leaked credentials.
- Enable the template.
- Enter the sender’s email in the From field.
- Write your Subject.
  Credentials leaked
- Write your Message for the template.
  <p>Hello {{user.given_name}},</p>
  <p>Your credentials have been identified in a potential data breach. Please contact the site administrator to unlock your account.</p>
- Don’t forget to Save your input.
Leaked Credentials Notification
Sent to user when they attempt to sign in with leaked credentials
This template should be used to notify users that they attempted to sign in with leaked credentials.
- Go to on your ReachFive Console.
- Toggle to the Leaked Credentials Notification tab.
- Enable the template by ticking the Enabled checkbox.
- Use the Message section to write your customised template like the example below:
  Hi {{user.given_name}}. Your credentials have been identified in a potential data breach. Please contact the site administrator to unlock your account.
- Don’t forget to Save your input.
Password update
When a user attempts to update his or her password to a known leaked password, the flow fails with an error, telling the user that his or her password is too weak. This ensures that no one can update their password with a leaked password.
- In your ReachFive Console, go to .
- Under the Password Update section, toggle on the feature.
- Don’t forget to Save your input.