7 November 2024 (v2.123)

ReachFive v2.123 introduces a few improvements and needed bug fixes. We’re happy to introduce our Data Breach Detection feature. We now retrieve an additional field from Kakao. You can also now filter users by MFA credentials on the ReachFive Console.

As always, we made some general improvements and fixed a few items for you.


Release highlight

Data Breach Detection
2123 dbd

Our Data Breach Detection feature enhances your security by identifying leaked passwords before they lead to unauthorized access on your site. The feature actively scans for known leaked credentials and cross-references them with attempts to sign in, sign up, or update a password. When a leaked password is detected, authentication is automatically suspended (if configured), preventing potential security risks.

When you choose to add the Data Breach Detection feature to your ReachFive integration, you get added protection against data breaches, ensuring your users know your brand is dedicated to mitigating security risks on their behalf. Staying on top of leaked passwords builds trust and ensures valuable user information isn’t put at risk.

Enable the protection directly in the ReachFive Console knowing user events are logged to mark when leaked credentials are in use and deleted for further auditing purposes. Automatically notify users with dedicated email and SMS templates (Sign in option).

For more, see Data Breach Detection.

Kakao verified phone numbers

You are now able to retrieve and leverage the phone_number_verified information from KakaoTalk. The information below outlines what happens when users authenticate using Kakao with ReachFive.

If the phone_number scope does not exist for the account, neither the phone_number or phone_number_verified fields are retrieved or valued inside the ReachFive profile for the user.

For more details, see Kakao Connect.

SMS feature enabled

If the SMS feature is enabled and the phone_number scope exists, we retrieve the phone_number_verified and set the boolean on their ReachFive profile to the appropriate value true if verified and false if unverified.

SMS feature not enabled

If the SMS feature is not enabled, even if the phone_number scope exists, phone_number_verified remains false.

Kakao App requirement

You must enable OpenID Connect Activation on your Kakao Login application in order to retrieve the phone_number_verified information.

Where do I enable this? 🤔

As of this date (7 November 2024), you can find this inside your Kakao Developers portal:

  1. Go to Kakao Login.

  2. Toggle the OpenID Connect Activation State to On.

    2123 kakao



Filter by MFA users

You can now filter users by those who have enrolled their identifier (email or phone number) for Multi-factor Authentication. This can help you analyse or produce reports of how many of your users are using MFA. This includes filtering by the MFA credential type, when it was created, and the phone number. Email is the email associated with the user account and is returned as normal in a search.

This is available for filtering:

Example scenario

You want to get a quick reference of how many of your users have enrolled their mobile or email for MFA.

  1. Go to your ReachFive Console.

  2. Navigate to Analytics  Profiles.

  3. Click Filter.

  4. In the field, type MFA and you see the options to filter by the following:

    • User - MFA - Type (Authentication)

    • User - MFA - Email - Created At

    • User - MFA - Phone Number - Created At

    • User - MFA - Phone Number - Value

      2123 MFA profile filter
      See the MFA credentials object for details on each of these fields.

General improvements

  • We made some improvements to ensure that external_id is valued and retained properly in the User profile object.

Fixes

Item Fixed

The logout user event wasn’t being properly displayed under Recent activity on the ReachFive Console.

There were some role issues for users authenticating to the ReachFive Console with Azure.

There was temporarily an access issue for those using MFA on the ReachFive Console.

There was a brief issue with updating roles for clients in the ReachFive Console.

For a brief period, you could not save changes to Email templates.