[{"data":1,"prerenderedAt":328},["ShallowReactive",2],{"docsv3-nav":3,"\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-takeover-prevention":198},[4],{"title":5,"path":6,"stem":7,"children":8,"page":188},"V3","\u002Fdocs\u002Fv3","1.docs\u002Fv3",[9,13,17,21,38,87,189],{"title":10,"path":11,"stem":12},"Introduction","\u002Fdocs\u002Fv3\u002Fintroduction","1.docs\u002Fv3\u002F1.Introduction",{"title":14,"path":15,"stem":16},"Quick start","\u002Fdocs\u002Fv3\u002Fquick-start","1.docs\u002Fv3\u002F2.Quick start",{"title":18,"path":19,"stem":20},"Challenge flow","\u002Fdocs\u002Fv3\u002Fchallenge-flow","1.docs\u002Fv3\u002F3.Challenge flow",{"title":22,"path":23,"stem":24,"children":25},"Fundamentals","\u002Fdocs\u002Fv3\u002Ffundamentals","1.docs\u002Fv3\u002F4.fundamentals",[26,30,34],{"title":27,"path":28,"stem":29},"Signup protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Fsignup-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F00.Signup protection",{"title":31,"path":32,"stem":33},"Login protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Flogin-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F01.Login protection",{"title":35,"path":36,"stem":37},"Access protection","\u002Fdocs\u002Fv3\u002Ffundamentals\u002Faccess-protection","1.docs\u002Fv3\u002F4.fundamentals\u002F02.Access protection",{"title":39,"path":40,"stem":41,"children":42},"Guides","\u002Fdocs\u002Fv3\u002Fguides","1.docs\u002Fv3\u002F5.guides",[43,47,51,55,59,63,67,71,75,79,83],{"title":44,"path":45,"stem":46},"Account sharing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-sharing-prevention","1.docs\u002Fv3\u002F5.guides\u002F1.Account sharing prevention",{"title":48,"path":49,"stem":50},"Web scraping prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fweb-scraping-prevention","1.docs\u002Fv3\u002F5.guides\u002F13.Web scraping prevention",{"title":52,"path":53,"stem":54},"Ban enforcement","\u002Fdocs\u002Fv3\u002Fguides\u002Fban-enforcement","1.docs\u002Fv3\u002F5.guides\u002F14.Ban enforcement",{"title":56,"path":57,"stem":58},"Chargeback dispute","\u002Fdocs\u002Fv3\u002Fguides\u002Fchargeback-dispute","1.docs\u002Fv3\u002F5.guides\u002F15.Chargeback dispute",{"title":60,"path":61,"stem":62},"Multi-accounting prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fmulti-accounting-prevention","1.docs\u002Fv3\u002F5.guides\u002F16.Multi-accounting prevention",{"title":64,"path":65,"stem":66},"Account takeover prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Faccount-takeover-prevention","1.docs\u002Fv3\u002F5.guides\u002F2.Account takeover prevention",{"title":68,"path":69,"stem":70},"Risky transaction prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Frisky-transaction-prevention","1.docs\u002Fv3\u002F5.guides\u002F20.Risky transaction prevention",{"title":72,"path":73,"stem":74},"Fake account detection","\u002Fdocs\u002Fv3\u002Fguides\u002Ffake-account-detection","1.docs\u002Fv3\u002F5.guides\u002F3.Fake account detection",{"title":76,"path":77,"stem":78},"Bot detection","\u002Fdocs\u002Fv3\u002Fguides\u002Fbot-detection","1.docs\u002Fv3\u002F5.guides\u002F4.Bot detection",{"title":80,"path":81,"stem":82},"Card testing prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fcard-testing-prevention","1.docs\u002Fv3\u002F5.guides\u002F5.Card testing prevention",{"title":84,"path":85,"stem":86},"Incentive abuse prevention","\u002Fdocs\u002Fv3\u002Fguides\u002Fincentive-abuse-prevention","1.docs\u002Fv3\u002F5.guides\u002F9.Incentive abuse prevention",{"title":88,"path":89,"stem":90,"children":91,"page":188},"Concepts","\u002Fdocs\u002Fv3\u002Fconcepts","1.docs\u002Fv3\u002F6.concepts",[92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184],{"title":93,"path":94,"stem":95},"Evaluations","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fevaluations","1.docs\u002Fv3\u002F6.concepts\u002F01.evaluations",{"title":97,"path":98,"stem":99},"Actions","\u002Fdocs\u002Fv3\u002Fconcepts\u002Factions","1.docs\u002Fv3\u002F6.concepts\u002F02.actions",{"title":101,"path":102,"stem":103},"Signals","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fsignals","1.docs\u002Fv3\u002F6.concepts\u002F03.signals",{"title":105,"path":106,"stem":107},"Checks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchecks","1.docs\u002Fv3\u002F6.concepts\u002F04.checks",{"title":109,"path":110,"stem":111},"Risks","\u002Fdocs\u002Fv3\u002Fconcepts\u002Frisks","1.docs\u002Fv3\u002F6.concepts\u002F05.risks",{"title":113,"path":114,"stem":115},"Verdicts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fverdicts","1.docs\u002Fv3\u002F6.concepts\u002F06.verdicts",{"title":117,"path":118,"stem":119},"Policies","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpolicies","1.docs\u002Fv3\u002F6.concepts\u002F07.policies",{"title":121,"path":122,"stem":123},"Challenges","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fchallenges","1.docs\u002Fv3\u002F6.concepts\u002F08.challenges",{"title":125,"path":126,"stem":127},"Concurrency","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fconcurrency","1.docs\u002Fv3\u002F6.concepts\u002F09.concurrency",{"title":129,"path":130,"stem":131},"Impossible travel","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fimpossible-travel","1.docs\u002Fv3\u002F6.concepts\u002F10.impossible-travel",{"title":133,"path":134,"stem":135},"Bots","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fbots","1.docs\u002Fv3\u002F6.concepts\u002F11.bots",{"title":137,"path":138,"stem":139},"Devices","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fdevices","1.docs\u002Fv3\u002F6.concepts\u002F12.devices",{"title":141,"path":142,"stem":143},"Fingerprints","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffingerprints","1.docs\u002Fv3\u002F6.concepts\u002F13.fingerprints",{"title":145,"path":146,"stem":147},"People","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fpeople","1.docs\u002Fv3\u002F6.concepts\u002F14.people",{"title":149,"path":150,"stem":151},"Lists","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flists","1.docs\u002Fv3\u002F6.concepts\u002F15.lists",{"title":153,"path":154,"stem":155},"Account takeover","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-takeover","1.docs\u002Fv3\u002F6.concepts\u002F16.account-takeover",{"title":157,"path":158,"stem":159},"Account sharing","\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-sharing","1.docs\u002Fv3\u002F6.concepts\u002F17.account-sharing",{"title":161,"path":162,"stem":163},"Fake account","\u002Fdocs\u002Fv3\u002Fconcepts\u002Ffake-account","1.docs\u002Fv3\u002F6.concepts\u002F18.fake-account",{"title":165,"path":166,"stem":167},"Scraping","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fscraping","1.docs\u002Fv3\u002F6.concepts\u002F19.scraping",{"title":169,"path":170,"stem":171},"Linked accounts","\u002Fdocs\u002Fv3\u002Fconcepts\u002Flinked-accounts","1.docs\u002Fv3\u002F6.concepts\u002F20.linked-accounts",{"title":173,"path":174,"stem":175},"New IP","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fip","1.docs\u002Fv3\u002F6.concepts\u002F21.ip",{"title":177,"path":178,"stem":179},"Anonymizing network","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fanonymizing-network","1.docs\u002Fv3\u002F6.concepts\u002F22.anonymizing-network",{"title":181,"path":182,"stem":183},"Email quality","\u002Fdocs\u002Fv3\u002Fconcepts\u002Femail","1.docs\u002Fv3\u002F6.concepts\u002F23.email",{"title":185,"path":186,"stem":187},"Velocity","\u002Fdocs\u002Fv3\u002Fconcepts\u002Fvelocity","1.docs\u002Fv3\u002F6.concepts\u002F24.velocity",false,{"title":190,"path":191,"stem":192,"children":193,"page":188},"Advanced","\u002Fdocs\u002Fv3\u002Fadvanced","1.docs\u002Fv3\u002F7.Advanced",[194],{"title":195,"path":196,"stem":197},"Proxy setup","\u002Fdocs\u002Fv3\u002Fadvanced\u002Fproxy-setup","1.docs\u002Fv3\u002F7.Advanced\u002F1.Proxy-setup",{"id":199,"title":64,"body":200,"description":210,"extension":322,"meta":323,"navigation":324,"path":65,"rawbody":325,"seo":326,"stem":66,"__hash__":327},"docsv3\u002F1.docs\u002Fv3\u002F5.guides\u002F2.Account takeover prevention.md",{"type":201,"value":202,"toc":315},"minimark",[203,207,211,216,226,230,240,296,299,303],[204,205,64],"h1",{"id":206},"account-takeover-prevention",[208,209,210],"p",{},"Account takeover is someone signing in with credentials that aren't theirs: bought from a breach, phished, or stuffed from a leak.",[212,213,215],"h2",{"id":214},"step-1-set-up-login-and-signup-protection","Step 1: Set up login and signup protection",[208,217,218,219,222,223,225],{},"Before anything else here, set up ",[220,221,27],"a",{"href":28}," and especially ",[220,224,31],{"href":32},". This is a login threat, so login protection is the basis it builds on, and without it the policy below can be bypassed. With those in place, the rest of this guide covers the policy that catches stolen sign-ins.",[212,227,229],{"id":228},"step-2-add-the-policies","Step 2: Add the policies",[208,231,232,233,239],{},"A policy has a trigger (the event it runs on) and a verdict. Add these in your ",[220,234,238],{"href":235,"rel":236},"https:\u002F\u002Fapp.rupt.dev\u002Fpolicies",[237],"nofollow","policies dashboard",":",[241,242,243,262],"table",{},[244,245,246],"thead",{},[247,248,249,253,256,259],"tr",{},[250,251,252],"th",{},"Policy",[250,254,255],{},"Trigger",[250,257,258],{},"Conditions",[250,260,261],{},"Verdict",[263,264,265],"tbody",{},[247,266,267,271,277,293],{},[268,269,270],"td",{},"Challenge unfamiliar logins",[268,272,273],{},[274,275,276],"code",{},"login",[268,278,279,282,283,286,287,282,290],{},[274,280,281],{},"impossible_travel",", or ",[274,284,285],{},"is_new_fingerprint"," and ",[274,288,289],{},"is_new_ip",[274,291,292],{},"ip_is_vpn",[268,294,295],{},"Challenge",[208,297,298],{},"This is a simple and solid policy to verify the user identity via 2FA if there's anything unfamiliar about the login and should take care of the vast majority of the cases of account takeover.",[212,300,302],{"id":301},"related","Related",[304,305,306,311],"ul",{},[307,308,309],"li",{},[220,310,31],{"href":32},[307,312,313],{},[220,314,153],{"href":154},{"title":316,"searchDepth":317,"depth":317,"links":318},"",2,[319,320,321],{"id":214,"depth":317,"text":215},{"id":228,"depth":317,"text":229},{"id":301,"depth":317,"text":302},"md",{},true,"---\ntitle: Account takeover prevention\n---\n\n# Account takeover prevention\n\nAccount takeover is someone signing in with credentials that aren't theirs: bought from a breach, phished, or stuffed from a leak.\n\n## Step 1: Set up login and signup protection\n\nBefore anything else here, set up [Signup protection](\u002Fdocs\u002Fv3\u002Ffundamentals\u002Fsignup-protection) and especially [Login protection](\u002Fdocs\u002Fv3\u002Ffundamentals\u002Flogin-protection). This is a login threat, so login protection is the basis it builds on, and without it the policy below can be bypassed. With those in place, the rest of this guide covers the policy that catches stolen sign-ins.\n\n## Step 2: Add the policies\n\nA policy has a trigger (the event it runs on) and a verdict. Add these in your [policies dashboard](https:\u002F\u002Fapp.rupt.dev\u002Fpolicies):\n\n| Policy                      | Trigger | Conditions                                                                   | Verdict   |\n| --------------------------- | ------- | ---------------------------------------------------------------------------- | --------- |\n| Challenge unfamiliar logins | `login` | `impossible_travel`, or `is_new_fingerprint` and `is_new_ip`, or `ip_is_vpn` | Challenge |\n\nThis is a simple and solid policy to verify the user identity via 2FA if there's anything unfamiliar about the login and should take care of the vast majority of the cases of account takeover.\n\n## Related\n\n- [Login protection](\u002Fdocs\u002Fv3\u002Ffundamentals\u002Flogin-protection)\n- [Account takeover](\u002Fdocs\u002Fv3\u002Fconcepts\u002Faccount-takeover)\n",{"title":64,"description":210},"guKjx411lcnQCpXsb3nL3uokK1cF8SGkKUhfc7NUBz4",1780344893047]