Today we have a special guest post from Auth0's Prosper Otemuyiwa on how to add ThisData to your auth process for anomaly detection. Thanks Prosper!
Anomaly Detection is the identification of items in a dataset that do not resemble the majority of the data. It’s very important to be mindful of anomalies in web security because they alert us of potentially malicious activity. In a web application, actions should be taken when anomalies are detected during the authentication process to avoid jeopardizing your users.
When you sign in to Gmail from a device you have never used before, Gmail immediately sends you an email asking something like “Was this you trying to log in?” It has detected a device you have never logged in from and asks you to verify the login, so that someone else cannot use your credentials maliciously. That’s Anomaly Detection right there! Imagine if you could add that to your own applications!
Let’s Get Started
ThisData gives you real-time detection of account takeover for web and mobile apps. It identifies users based on context and notifies you immediately if an account has been breached.
In this post, you’ll learn how to implement Account Takeover Prevention via ThisData in your Auth0 app in just 5 simple steps.
1. Sign up for a ThisData Account
Browse to thisdata.com and create a free 30 day trial account, as shown below.
2. Get Your API Key
The first step of ThisData's quickstart shows your API key. Make a note of it, as you will need it later.
3. Set Up an Auth0 App
In the Auth0 Dashboard create your client Application, as shown in the following screenshot.
Once you are done with that, head over to the Settings section of the dashboard and take note of your Domain, Client ID and Client Secret as shown below:
Clone this sample app from GitHub, open up auth0-variables.js and add your Auth0 credentials like so:
// Values from the Settings section of your Auth0 client (placeholders shown)
var AUTH0_CLIENT_ID = 'xxxxxxxxxxx';
var AUTH0_DOMAIN = 'xxxxxxx.auth0.com';
var AUTH0_CALLBACK_URL = location.href;
4. Integrate ThisData
In the Auth0 dashboard, click on the Rules section in the main navigation, then create a rule via the “Create Rule” button located at the top right of the page.
A list of available rules existing on the Auth0 dashboard will be presented to you as shown in the diagram below. Choose the “Account Takeover Prevention via ThisData” rule.
This rule is designed to detect phished or compromised user accounts. Even if the primary user authentication is approved, it will deny access to a user if the login appears to be highly suspicious. It relies on ThisData's anomaly detection algorithms, which take into account factors like:
- Time of the day
- Tor usage
- Location & Velocity
- Risky IP addresses
...and much more.
ThisData attaches a risk score to every login event. The higher the risk score, the more anomalous the login. If the risk is very high, the rule blocks the login by raising an UnauthorizedError.
After clicking on the rule, the rule editor will show up. Here, you can see the code that integrates ThisData with your login process.
Get your ThisData API key and paste it in the Settings section, as shown in the following screenshot. The rule will have access to it as an environment variable.
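To make the behaviour of such a rule concrete, here is an added example in the shape of an Auth0 rule: it sends the login event to ThisData, reads back a risk score and denies the login with an UnauthorizedError above a threshold. This is illustration code written for this post, not the rule from the Auth0 dashboard or ThisData's own client; the verify endpoint, the event field names, the response shape, the score scale and the threshold are all assumptions, and the HTTP call is injected so the rule can be run offline against constructed replies.

```javascript
// Added example: an Auth0-style rule wired to a ThisData-like risk check.
// Endpoint, request fields, response shape and threshold are assumptions for illustration.

const THISDATA_VERIFY_URL = 'https://api.thisdata.com/v1/verify'; // assumed endpoint
const BLOCK_THRESHOLD = 90; // assumed: block when the risk score is >= 90 on a 0-100 scale

// Auth0 rules raise this to deny a login; defined here so the example runs outside the rule sandbox.
class UnauthorizedError extends Error {
  constructor(message) { super(message); this.name = 'UnauthorizedError'; }
}

// Build the login event the risk service scores (field names assumed).
function buildLoginEvent(user, context) {
  return {
    verb: 'log-in',
    ip: context.request.ip,
    user_agent: context.request.userAgent,
    user: { id: user.user_id, name: user.name, email: user.email },
  };
}

// Turn a risk response into a block/allow decision. A missing or malformed score does not
// block: an outage of the risk service should not lock every user out (fail-open choice).
function decideFromRisk(risk, threshold) {
  if (!risk || typeof risk.score !== 'number') {
    return { block: false, reason: 'no risk score available' };
  }
  if (risk.score >= threshold) {
    return { block: true, reason: `risk score ${risk.score} >= ${threshold}` };
  }
  return { block: false, reason: `risk score ${risk.score} below threshold ${threshold}` };
}

// Factory returning a rule with Auth0's (user, context, callback) signature.
// post(url, body, cb) is injected (assumed helper) so the rule can run without network access.
function makeThisDataRule({ apiKey, post, threshold = BLOCK_THRESHOLD }) {
  return function thisDataRule(user, context, callback) {
    const url = `${THISDATA_VERIFY_URL}?api_key=${encodeURIComponent(apiKey)}`;
    post(url, buildLoginEvent(user, context), (err, risk) => {
      if (err) return callback(null, user, context); // transport error: fail open, see above
      const decision = decideFromRisk(risk, threshold);
      if (decision.block) {
        return callback(new UnauthorizedError('Login blocked: ' + decision.reason));
      }
      return callback(null, user, context);
    });
  };
}

// Constructed sample login and a fake transport that answers with a fixed score.
const sampleUser = { user_id: 'auth0|123', name: 'Ada', email: 'ada@example.com' };
const sampleContext = { request: { ip: '203.0.113.5', userAgent: 'Mozilla/5.0 (example)' } };

function fakePost(score) {
  return (url, body, cb) => cb(null, { score });
}

// Run the rule against a fixed score and report 'allowed' or the error name raised.
function runRule(score) {
  let outcome;
  const rule = makeThisDataRule({ apiKey: 'THISDATA_API_KEY_PLACEHOLDER', post: fakePost(score) });
  rule(sampleUser, sampleContext, (err) => { outcome = err ? err.name : 'allowed'; });
  return outcome;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(runRule(12), runRule(95)); // allowed UnauthorizedError
}
```

The one design decision worth noticing is what happens when no score comes back: this example fails open so that an outage of the risk service does not lock every user out, which is the usual choice for a secondary check; a deployment that would rather fail closed only needs to invert the two early returns in decideFromRisk and the transport-error branch.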
5. Run & Test Your App
Open up your browser and run the app like so:
Log in to your application, then head over to the ThisData website. You will see the recorded login event with its associated risk score, as follows.
If there is irregular Tor usage, IP address change, sudden change in device or location, or other anomalies, then your app will block the user, and an error message will be shown like the following:
It is very simple to integrate ThisData in your authentication process when building an app that uses Auth0. ThisData allows you to detect login anomalies to better protect your users and your app from cyber-criminals.
Cyber-attacks are on the rise, so adequate security precautions should be taken to ensure that your users and apps are safe. Empower your applications today with ThisData and Auth0!