For the past 30 years, computer security has mostly centered on users authorizing themselves at the front door of applications and websites. Once they have entered their correct name and password, an entire site is generally open to them.
Auth0 is trying to change that with a platform that offers identity as a service and works throughout the user engagement process, even adding extra security when needed.
The biggest hurdle to such efforts aimed at continuous identity protection, and why most attempts fail, is the sheer number of bot-based and scripted login attempts leveled at websites and applications these days. Those attacks are more than enough to overload most platforms that are trying to analyze users.
To counter these threats, Auth0 Signals was created as a key component to the Auth0 identity management software as a service (SaaS) platform, and in our testing, could stop most script-based attacks, or those leveled by bots.
How Auth0 works
The Auth0 identity as a service platform analyzes various tasks that users can perform, including things like signing up for a website, requesting an account recovery, logging in and renewing a session. When any of those monitored tasks are performed at a company protected by Auth0 (about 25,000 as of this writing, according to company officials), details about that transaction are sent to the anomaly detection engine in the cloud. It will then provide a confidence score that can be used to create rules or trigger responses like blocking that user or throwing up a captcha challenge.