
Introduction

SuperTokens Attack Protection Suite is a powerful security feature designed to identify and prevent suspicious activities in authentication and user sessions. It leverages various detection methods to enhance the security of your application.

Important

This feature is currently in beta and not enabled by default. You can find out how to enable this feature here.

Features

Brute Force Attack Detection

Watches how many times someone tries to do a specific action (such as logging in, resetting password, etc.) within a certain time. If there are too many attempts, it stops them to prevent bad actors from compromising accounts.
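A concrete form of the counter described above, written as an added example rather than code from SuperTokens: a sliding window of attempt timestamps per (action, subject), where the subject is whatever the limit is keyed on (the targeted account, or the client IP). The policy table, its numbers and the class and method names are assumptions for this example, not SuperTokens configuration. The clock is injectable so the lockout and window expiry can be exercised without sleeping.

```python
import time
from collections import defaultdict, deque

# Constructed per-action policy: attempts allowed inside the window, and how
# long to lock the subject out once the limit is exceeded. Names and numbers
# are assumptions for this example, not SuperTokens configuration keys.
LIMITS = {
    "login":          {"max_attempts": 5, "window_s": 300,  "lockout_s": 900},
    "password_reset": {"max_attempts": 3, "window_s": 3600, "lockout_s": 3600},
}


class BruteForceDetector:
    """Sliding-window attempt counter keyed by (action, subject).

    `subject` is whatever the limit applies to, e.g. the targeted account
    identifier or the client IP. `clock` is injectable for deterministic tests.
    """

    def __init__(self, limits=LIMITS, clock=time.time):
        self.limits = limits
        self.clock = clock
        self.attempts = defaultdict(deque)  # (action, subject) -> attempt timestamps
        self.locked_until = {}              # (action, subject) -> unix time

    def _prune(self, key, now):
        # Drop timestamps that have fallen out of the action's window.
        window = self.attempts[key]
        max_age = self.limits[key[0]]["window_s"]
        while window and now - window[0] > max_age:
            window.popleft()
        return window

    def record_attempt(self, action, subject):
        """Record one attempt; return True if it may proceed, False if blocked."""
        key = (action, subject)
        policy = self.limits[action]
        now = self.clock()

        # Still inside a lockout: reject without counting the attempt.
        if self.locked_until.get(key, 0.0) > now:
            return False

        window = self._prune(key, now)
        if len(window) >= policy["max_attempts"]:
            # Limit reached: start the lockout and clear the window so the
            # subject starts clean once the lockout expires.
            self.locked_until[key] = now + policy["lockout_s"]
            window.clear()
            return False

        window.append(now)
        return True

    def remaining(self, action, subject):
        """Attempts still allowed in the current window (0 while locked out)."""
        key = (action, subject)
        now = self.clock()
        if self.locked_until.get(key, 0.0) > now:
            return 0
        return self.limits[action]["max_attempts"] - len(self._prune(key, now))


def demo():
    """Drive the detector with a fake clock; returns the allow/deny sequence."""
    fake_now = [1_000.0]
    det = BruteForceDetector(clock=lambda: fake_now[0])
    results = [det.record_attempt("login", "alice@example.com") for _ in range(6)]
    results.append(det.record_attempt("login", "alice@example.com"))  # still locked out
    fake_now[0] += 901                                                  # lockout has expired
    results.append(det.record_attempt("login", "alice@example.com"))
    return results


if __name__ == "__main__":
    print(demo())  # [True, True, True, True, True, False, False, True]
```

Keying on the account rather than the IP is what stops distributed password guessing against one user; keying on the IP is what stops one client from spraying many accounts. In practice both counters run side by side.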

Password Breach Detection

Checks each password against a database of passwords exposed in known breaches. This helps keep accounts safe by rejecting weak or already-exposed passwords that attackers are likely to try first.
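The lookup can be done without ever sending the password, or even its full hash, to the breach database. The added example below (not SuperTokens code) uses the k-anonymity range-query pattern: the client hashes the candidate password locally, sends only the first five hex characters of the SHA-1 digest, receives every leaked suffix under that prefix, and finishes the comparison itself. The class names, the sample corpus and its counts are constructed for this example.

```python
import hashlib
import re
from collections import defaultdict

PREFIX_LEN = 5
_PREFIX_RE = re.compile(r"^[0-9A-F]{5}$")


def sha1_upper(password: str) -> str:
    # SHA-1 is acceptable here: it is a lookup key into already-public data,
    # not a stored credential hash (those still use a slow KDF).
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class BreachIndex:
    """Server side: leaked-password hashes bucketed by their first 5 hex chars.

    Built here from a constructed list; a real service loads a breach corpus.
    """

    def __init__(self, leaked):
        self._buckets = defaultdict(dict)  # prefix -> {suffix: times_seen}
        for password, times_seen in leaked:
            digest = sha1_upper(password)
            self._buckets[digest[:PREFIX_LEN]][digest[PREFIX_LEN:]] = times_seen

    def range_query(self, prefix):
        """Return every (suffix, count) under the prefix.

        The server only ever learns the 5-char prefix, so it cannot tell which
        of the returned candidates (if any) is the caller's password.
        """
        if not _PREFIX_RE.match(prefix):
            raise ValueError("prefix must be 5 uppercase hex characters")
        return sorted(self._buckets.get(prefix, {}).items())


class BreachChecker:
    """Client side: hashes locally and sends only the prefix over the wire."""

    def __init__(self, query_fn):
        self._query = query_fn  # e.g. BreachIndex.range_query, or an HTTP call

    def times_seen(self, password):
        digest = sha1_upper(password)
        prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
        for candidate, count in self._query(prefix):
            if candidate == suffix:
                return count
        return 0

    def is_breached(self, password):
        return self.times_seen(password) > 0


# Constructed sample corpus; the counts are made up, not real breach statistics.
SAMPLE_LEAKED = [("password", 1_200), ("123456", 950), ("letmein", 7)]


if __name__ == "__main__":
    checker = BreachChecker(BreachIndex(SAMPLE_LEAKED).range_query)
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", checker.times_seen(pw))
```

Rejecting a breached password at sign-up and at password change is the cheap part; the more valuable signal is a successful login with a password that later shows up in a breach, which is a reason to force a reset and step up authentication on the next login.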

Impossible Travel Detection

Identifies potentially fraudulent login attempts by detecting geographically impossible travel between user sessions in a short time.
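The check behind this is a speed test: great-circle distance between the locations of two consecutive logins, divided by the time between them. The added example below (not SuperTokens code) implements that with the haversine formula, plus two guards a practitioner needs in practice: a minimum distance so that IP-geolocation noise inside one city is never treated as travel, and a zero-or-negative time gap handled explicitly. The speed threshold, the distance floor, the event shape and the sample history are all assumptions constructed for this example.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_KM = 6371.0
# Assumed plausibility threshold: a little above airliner cruise speed. A faster
# implied speed cannot be explained by the user physically moving.
MAX_PLAUSIBLE_SPEED_KMH = 900.0
# Assumed noise floor: IP geolocation is imprecise, so two logins within this
# radius are never treated as travel at all.
MIN_DISTANCE_KM = 100.0


@dataclass(frozen=True)
class LoginEvent:
    user_id: str
    ts: float   # unix seconds
    lat: float  # client location in degrees, resolved upstream from the IP (assumed)
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two lat/lon points in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def implied_speed_kmh(prev, cur):
    """Speed the user would have needed to get from prev to cur."""
    distance = haversine_km(prev.lat, prev.lon, cur.lat, cur.lon)
    hours = (cur.ts - prev.ts) / 3600.0
    if hours <= 0:
        return math.inf if distance > 0 else 0.0
    return distance / hours


def is_impossible_travel(prev, cur, max_speed=MAX_PLAUSIBLE_SPEED_KMH,
                         min_distance=MIN_DISTANCE_KM):
    """True when cur cannot plausibly follow prev for the same user."""
    if prev.user_id != cur.user_id:
        raise ValueError("events belong to different users")
    if haversine_km(prev.lat, prev.lon, cur.lat, cur.lon) < min_distance:
        return False
    return implied_speed_kmh(prev, cur) > max_speed


def flag_history(events, **kwargs):
    """Scan one user's logins in time order; return positions (in that order)
    of events that are impossible relative to the one before them."""
    ordered = sorted(events, key=lambda e: e.ts)
    return [i for i in range(1, len(ordered))
            if is_impossible_travel(ordered[i - 1], ordered[i], **kwargs)]


# Constructed sample history for one user (coordinates are the city centres).
LONDON = (51.5074, -0.1278)
NEW_YORK = (40.7128, -74.0060)
CAMBRIDGE_UK = (52.2053, 0.1218)
SAMPLE_HISTORY = [
    LoginEvent("u1", 0, *LONDON),
    LoginEvent("u1", 3_600, *NEW_YORK),        # 5,570 km in one hour: impossible
    LoginEvent("u1", 39_600, *NEW_YORK),       # same place ten hours later
    LoginEvent("u1", 75_600, *LONDON),         # ten-hour return: plausible
    LoginEvent("u1", 75_840, *CAMBRIDGE_UK),   # ~80 km in 4 min, under the floor
]


def demo_flags():
    return flag_history(SAMPLE_HISTORY)


if __name__ == "__main__":
    print(demo_flags())  # [1]
```

Treat a hit as a step-up signal rather than a hard block: VPN exits and corporate proxies produce genuine "impossible" hops, which is why this detector is most useful combined with the suspicious-IP and new-device signals.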

Bot Detection

Identifies and prevents automated scripts or bots from performing malicious activities such as credential stuffing, account takeover attempts, or scraping sensitive data. It uses advanced algorithms to analyze user behavior, request patterns, and other indicators to distinguish between human users and automated bots.

Suspicious IP Detection

Detects suspicious IP addresses that are known for malicious activities. This includes detecting the use of VPNs, TOR, proxy servers, or other network configurations that may be used to hide the user's true location or identity.

New Device Detection

Recognizes when a user logs in from a new, previously unseen device. This helps find possible unauthorized logins.

Device Count Tracking

Monitors the number of unique devices associated with a user account. This helps spot unusual account use.

Requester Detection

Recognizes and remembers devices and requester details, even when they try to disguise themselves. This tracks and identifies the same device or requester across multiple login attempts, improving both security and user recognition.

Flow diagram

The Attack Protection Suite service is typically integrated into your authentication flow. It processes requests and provides risk assessments that you can use to enforce additional security measures, such as requiring two-factor authentication for suspicious logins or blocking high-risk attempts altogether.

By leveraging these advanced detection methods, SuperTokens Attack Protection Suite significantly enhances your application's security posture and helps protect your users from various types of account compromise attempts.

Below is a high-level overview of how this works:

[Diagram: Attack Protection Suite flow]

Recipes integration

Different recipes have different ways of integrating with the Attack Protection Suite feature.

Passwordless

When using the passwordless recipe, the only check should be brute force detection. Other checks are not needed as the passwordless flow by itself prevents bot attacks.

Email Password Login

When using the email password login recipe, bot detection (and possibly other checks) should be used along with brute force detection.

Phone Password Login

When using the phone password login recipe, bot detection (and possibly other checks) should be used along with brute force detection.

Social/enterprise Login

When using these types of recipes, there should be no checks used.
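The flow section above says the suite returns a risk assessment and leaves enforcement (allow, require a second factor, block) to the application, and this section says which detectors each recipe should run. The added example below (not SuperTokens code) joins the two: a per-recipe check set that gates which signals are even consulted, and a decision function that turns the consulted signals into one of three outcomes with the reasons that drove it. The recipe names, the assessment shape, the thresholds, and the exact membership of "possibly other checks" are assumptions made for this example.

```python
from dataclasses import dataclass
from enum import Enum


class Check(Enum):
    BRUTE_FORCE = "brute_force"
    BOT = "bot"
    PASSWORD_BREACH = "password_breach"
    IMPOSSIBLE_TRAVEL = "impossible_travel"
    SUSPICIOUS_IP = "suspicious_ip"
    NEW_DEVICE = "new_device"


class Decision(Enum):
    ALLOW = "allow"
    REQUIRE_2FA = "require_2fa"
    BLOCK = "block"


_FULL = frozenset(Check)

# Which detectors run for each recipe, following the guidance on this page.
# The recipe keys and the set behind "possibly other checks" are assumptions.
CHECKS_BY_RECIPE = {
    "passwordless": frozenset({Check.BRUTE_FORCE}),
    "emailpassword": _FULL,
    "phonepassword": _FULL,
    "thirdparty": frozenset(),  # social / enterprise login: no checks
}


@dataclass
class RiskAssessment:
    """Constructed shape for detector output; one field per signal."""
    brute_force_blocked: bool = False
    bot_probability: float = 0.0  # 0..1 from the bot detector
    password_breach_count: int = 0
    impossible_travel: bool = False
    suspicious_ip: bool = False
    new_device: bool = False


# Assumed thresholds for this example.
BOT_BLOCK_THRESHOLD = 0.9
BOT_STEP_UP_THRESHOLD = 0.5


def decide(recipe, assessment):
    """Map detector output to an enforcement decision for the given recipe.

    Signals outside the recipe's check set are ignored even if present.
    Returns (Decision, reasons) where reasons lists the signals that drove it.
    """
    checks = CHECKS_BY_RECIPE[recipe]
    block, step_up = [], []

    if Check.BRUTE_FORCE in checks and assessment.brute_force_blocked:
        block.append("brute_force")
    if Check.BOT in checks:
        if assessment.bot_probability >= BOT_BLOCK_THRESHOLD:
            block.append("bot")
        elif assessment.bot_probability >= BOT_STEP_UP_THRESHOLD:
            step_up.append("bot")
    # Geolocation and IP-reputation signals are noisy (VPNs, proxies), so they
    # step up to a second factor rather than block outright.
    if Check.IMPOSSIBLE_TRAVEL in checks and assessment.impossible_travel:
        step_up.append("impossible_travel")
    if Check.SUSPICIOUS_IP in checks and assessment.suspicious_ip:
        step_up.append("suspicious_ip")
    if Check.NEW_DEVICE in checks and assessment.new_device:
        step_up.append("new_device")
    if Check.PASSWORD_BREACH in checks and assessment.password_breach_count > 0:
        # A correct but leaked password still authenticates; demand a second
        # factor now and force a password change afterwards.
        step_up.append("password_breach")

    if block:
        return Decision.BLOCK, block
    if step_up:
        return Decision.REQUIRE_2FA, step_up
    return Decision.ALLOW, []


if __name__ == "__main__":
    print(decide("emailpassword", RiskAssessment(new_device=True, suspicious_ip=True)))
    print(decide("thirdparty", RiskAssessment(bot_probability=1.0)))
```

Keeping the per-recipe check set as data, rather than scattering `if recipe == ...` through the handlers, makes it easy to see at a glance that social and enterprise logins consult nothing and passwordless consults only the brute-force counter, exactly as the recipe guidance above requires.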