Top Questions Post-Onboarding

What is the best practice when an account is about to be accessed?

  • Our official recommendation is to implement an inline password reset, triggered by the flag we provide (a header carrying a breached response when a login attempt is made).
  • With this option the account is no longer vulnerable, and the attack surface is reduced.
  • It also removes the only resource attackers have in credential stuffing attacks, and so can hold those attacks to a zero success rate over the long run.
  • There are other ways to protect against ATO, which include hardening certain actions within the account, obfuscating sensitive information, and introducing additional authentication methods for checkout and other sensitive actions.
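
One way to wire the inline reset into a login handler, as an added example that is not the vendor's code. The header name `x-breached-credentials`, its value `1`, the in-memory user store and the e-mail outbox are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

BREACH_HEADER = "x-breached-credentials"  # hypothetical name and value "1"; use what your integration documents
RESET_TTL = 900                           # seconds a reset ticket stays valid
KEY = secrets.token_bytes(32)             # signing key for reset tickets
USERS, OUTBOX = {}, []                    # constructed in-memory user store and mail queue

def _hash(pw, salt):
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def set_password(user, pw):
    salt = secrets.token_bytes(16)
    USERS[user] = (salt, _hash(pw, salt))

def _check(user, pw):
    salt, stored = USERS.get(user, (b"\0" * 16, b""))
    return hmac.compare_digest(_hash(pw, salt), stored)

def _sign(user, exp):
    # Binding the MAC to the current hash makes a ticket useless once the password changes.
    msg = f"{user}|{exp}|".encode() + USERS.get(user, (b"", b""))[1]
    return hmac.new(KEY, msg, hashlib.sha256).hexdigest()

def handle_login(headers, user, pw, now=None):
    # headers must come from the trusted enforcer hop, never straight from the client.
    now = time.time() if now is None else now
    if not _check(user, pw):
        return 401, "invalid credentials"   # same reply whether or not the pair is flagged
    flagged = any(k.lower() == BREACH_HEADER and v == "1" for k, v in headers.items())
    if not flagged:
        return 200, "session issued"
    # Valid but breached pair: issue no session. Assumption: the ticket goes to the
    # registered e-mail, so knowing the leaked password alone does not complete the reset.
    exp = int(now) + RESET_TTL
    OUTBOX.append((user, f"{user}|{exp}|{_sign(user, exp)}"))
    return 403, "password reset required"

def complete_reset(ticket, new_pw, now=None):
    now = time.time() if now is None else now
    try:
        user, exp, mac = ticket.split("|")
        exp = int(exp)
    except ValueError:
        return False                        # malformed ticket
    if user not in USERS or now > exp or not hmac.compare_digest(mac, _sign(user, exp)):
        return False
    if _check(user, new_pw):
        return False                        # the breached password may not be reused
    set_password(user, new_pw)
    return True
```

A failed login returns the same 401 whether or not the pair is flagged, so the handler does not tell a credential-stuffing client which leaked pairs belong to real accounts.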

Is there an option to query out-of-band credentials against the collection?

Yes, using our Risk API. Contact us for more information.