February 13, 2017

@Auth0 guest post: Adding ThisData to your Auth Process For Anomaly Detection

Today we have a special guest post from Auth0's Prosper Otemuyiwa on how to add ThisData to your auth process for anomaly detection. Thanks Prosper!


Anomaly Detection is the identification of items in a dataset that do not resemble the majority of the data. It’s very important to be mindful of anomalies in web security because they alert us to potentially malicious activity. In a web application, action should be taken when anomalies are detected during the authentication process, so that your users are not put at risk.

Typical Scenario

A user constantly logs in to gmail.com from a particular Mac laptop in Lagos, Nigeria. For some reason, the user has to log in to gmail.com from a friend’s PC in Paris, France.

Gmail.com immediately sends the user an email asking a question similar to “Was this you trying to log in?” Gmail.com detects a device you’ve never logged in from before and requests verification from you to ensure that someone else isn’t using your credentials maliciously. That’s Anomaly Detection right there!!! Imagine if you could add that to your own applications!

Let’s Get Started

ThisData gives you real-time detection of account takeover for web and mobile apps. It identifies users based on context and notifies you immediately if an account has been breached.

In this post, you’ll learn how to implement Account Takeover Prevention via ThisData in your Auth0 app in just 5 simple steps.

1. Sign up for a ThisData Account
Browse to thisdata.com and create a free 30 day trial account, as shown below.

2. Get Your API Key
The first step of ThisData's quickstart shows your API key. Please make a note of it, as you will need it later.

3. Set Up an Auth0 App
In the Auth0 Dashboard create your client Application, as shown in the following screenshot.

Create an Auth0 app

Once you are done with that, head over to the Settings section of the dashboard and take note of your Domain, Client ID and Client Secret as shown below:

Get your Auth0 Credentials

Clone this sample app from GitHub, open up auth0-variables.js and add your Auth0 credentials like so:

// Values from the Settings section of your Auth0 client (Domain and Client ID).
// The Client Secret stays on the server side and is never placed in browser code.
var AUTH0_CLIENT_ID = 'xxxxxxxxxxx';
var AUTH0_DOMAIN = 'xxxxxxx.auth0.com';
// Auth0 redirects back to the page that started the login.
var AUTH0_CALLBACK_URL = location.href;

4. Integrate ThisData

In the Auth0 dashboard, click on the Rules section in the main navigation, then create a rule via the “Create Rule” button located at the top right of the page.

Create a new rule from the Auth0 Management Dashboard

A list of the rule templates available in the Auth0 dashboard will be presented to you, as shown in the diagram below. Choose the “Account Takeover Prevention via ThisData” rule.

Click on the Account Takeover Prevention via ThisData Rule

This rule is designed to detect phished or compromised user accounts. Even if the primary user authentication is approved, it will deny access to a user if the login appears to be highly suspicious. It relies on ThisData's anomaly detection algorithms, which take into account factors like:

  • Devices
  • Time of the day
  • Tor usage
  • Location & Velocity
  • Risky IP addresses

...and much more.

ThisData attaches a risk score to every login event. The higher the risk score, the more anomalous the login. If the risk is very high, the rule blocks the login by raising an UnauthorizedError.

After clicking on the rule, the rule editor will show up. Here you can see the code that integrates ThisData with your login process.

Rule Editor

Get your ThisData API key and paste it in the Settings section, as shown in the following screenshot. The rule will have access to it as an environment variable.
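To make the mechanics of steps 4 concrete, here is an added example (written for this post, not the ThisData rule from the Auth0 rule gallery) of the shape such a rule takes: an Auth0 rule is a function (user, context, callback) that reads its secrets from the rule settings, reports the login to a risk service, and ends the login with an UnauthorizedError when the score is too high. The transport to the risk service is replaced by a hypothetical verify(apiKey, event, cb) function so the example runs offline; the settings key name THISDATA_API_KEY, the 0..1 score scale, the 0.9 block threshold and the sample IP scores are all constructed assumptions, not values from ThisData.

```javascript
// Added example: the shape of an Auth0 rule that blocks high-risk logins.
// Not the rule gallery's code. Threshold, score scale and key name are assumed.
const BLOCK_THRESHOLD = 0.9;

// Build the login event a rule would report: who logged in, from where, on what.
// context.request.ip and context.request.userAgent are what Auth0 hands to rules.
function buildLoginEvent(user, context) {
  const req = (context && context.request) || {};
  return {
    verb: 'log-in',
    ip: req.ip || null,
    user_agent: req.userAgent || null,
    user: { id: user.user_id, name: user.name, email: user.email },
  };
}

// Pure decision on the service's answer (or its absence). By default a missing
// score fails open so an outage of the risk service does not lock everyone out;
// set failClosed for applications where that trade-off goes the other way.
function decide(result, opts) {
  const threshold = opts && typeof opts.threshold === 'number' ? opts.threshold : BLOCK_THRESHOLD;
  const failClosed = !!(opts && opts.failClosed);
  if (!result || typeof result.score !== 'number' || Number.isNaN(result.score)) {
    return { block: failClosed, reason: failClosed ? 'risk service unavailable' : null, score: null };
  }
  if (result.score >= threshold) {
    return { block: true, reason: 'login risk score ' + result.score + ' >= ' + threshold, score: result.score };
  }
  return { block: false, reason: null, score: result.score };
}

// Factory so the transport can be swapped for a fake outside Auth0.
function makeRule(verify, opts) {
  return function (user, context, callback) {
    // Inside Auth0, `configuration` holds the values pasted into the rule settings
    // (the key name THISDATA_API_KEY is assumed here); opts.apiKey is for local runs.
    const apiKey = (typeof configuration !== 'undefined' && configuration.THISDATA_API_KEY) ||
      (opts && opts.apiKey);
    if (!apiKey) {
      // A misconfigured rule must not silently skip the check.
      return callback(new Error('THISDATA_API_KEY is not set in the rule settings'));
    }
    verify(apiKey, buildLoginEvent(user, context), function (err, result) {
      const d = decide(err ? null : result, opts);
      if (d.block) {
        // Auth0 rules deny with UnauthorizedError; plain Error is used when run outside Auth0.
        const ErrCtor = typeof UnauthorizedError !== 'undefined' ? UnauthorizedError : Error;
        return callback(new ErrCtor('Login blocked: ' + d.reason));
      }
      context.riskScore = d.score; // surface the score for later rules and logging
      return callback(null, user, context);
    });
  };
}

// Constructed stand-in for the risk service so the example runs offline:
// scores are made up and keyed by source IP (documentation ranges, RFC 5737).
const CONSTRUCTED_SCORES = { '203.0.113.5': 0.12, '198.51.100.77': 0.97 };
function fakeVerify(apiKey, event, cb) {
  if (apiKey !== 'example-key') return cb(new Error('bad api key'));
  const score = CONSTRUCTED_SCORES[event.ip];
  if (score === undefined) return cb(new Error('service unavailable'));
  cb(null, { score: score });
}

// Run one constructed login through the rule and report what the callback saw.
function runDemo(ip, opts) {
  let outcome = null;
  const rule = makeRule(fakeVerify, Object.assign({ apiKey: 'example-key' }, opts));
  const user = { user_id: 'auth0|example', name: 'Example User', email: 'user@example.com' };
  const context = { request: { ip: ip, userAgent: 'Mozilla/5.0 (constructed)' } };
  rule(user, context, function (err, u, ctx) {
    outcome = err ? { blocked: true, message: err.message } : { blocked: false, score: ctx.riskScore };
  });
  return outcome;
}

if (typeof module !== 'undefined') {
  module.exports = { BLOCK_THRESHOLD, buildLoginEvent, decide, makeRule, runDemo };
}
```

Keeping the decision in decide() separate from the transport is what makes the fail-open versus fail-closed choice visible and testable; whichever you pick, log the outcome with the score, since a blocked login with no record is as hard to investigate as a missed one.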

5. Run & Test Your App
Open up your browser and run the app like so:

Log in to your application, and then head over to the ThisData website. You will see the recorded login event with an associated risk score, as follows.

If there is Tor usage, an IP address change, a sudden change in device or location, or another anomaly, your app will block the user and an error message like the following will be shown:

Login Anomaly Detection Error on Login

Conclusion

It is very simple to integrate ThisData in your authentication process when building an app that uses Auth0. ThisData allows you to detect login anomalies to better protect your users and your app from cyber-criminals.

Cyber-attacks are on the rise, so adequate security precautions should be taken to ensure that your users and apps are safe. Empower your applications today with ThisData and Auth0!
