CategoryProduct updates

Visualizing the Account Recovery Funnel


At Castle, we are focused on building tools that power end-to-end user security alongside a frictionless user experience. We believe that when it comes to protecting your users, the ability to detect unauthorized access to their accounts is just the beginning. Beyond the detection, developers are using Castle’s APIs to block the unauthorized access in-line, notify their users in real-time of...

Leaked Credentials Database


Are your users leaking? One item that is commonplace in a hacker’s toolset is a database of leaked user credentials. The database holds a set of exposed user login credentials — user emails and corresponding passwords for a given site or application. What makes a list like this so valuable for hackers is the fact that most people reuse their passwords across multiple applications. So if a hacker...

How we updated our risk engine to stop “slow and low” password list attacks


In the last six months, we’ve seen an evolution in how attackers are launching password list attacks, which in turn is impacting how best to fight these attacks. It’s become easier than ever to obtain ranges of hundreds of IPs, which makes it possible to masquerade traffic as coming from multiple different sources. Similarly, many of these IPs are registered in the United States. Taken together...