Skip to main content

Protected Auth

Ensure that only legitimate users can access your authentication flows.

Get started with Protected Auth

Using Protected Auth to defend your signup and login flows.

Modes

  • Enforcement: React to Device Fingerprinting verdicts for your traffic.
  • Observation: Only observe Device Fingerprinting verdicts.

Protected methods

These authentication methods collect fingerprints and prevent actions when a fingerprint receives a BLOCK verdict:
  • biometrics.authenticate
  • cryptoWallets.authenticate
  • impersonation.authenticate
  • magicLinks.email.loginOrCreate
  • magicLinks.email.send
  • otps.authenticate
  • otps.email.loginOrCreate
  • otps.sms.loginOrCreate
  • otps.sms.send
  • otps.whatsapp.loginOrCreate
  • otps.whatsapp.send
  • passwords.authenticate
  • passwords.create
  • passwords.resetByEmail
  • passwords.resetByEmailStart
  • passwords.resetByExistingPassword
  • passwords.resetBySession
  • totps.authenticate
  • totps.recover
  • webauthn.authenticate
Protected Auth is a ready-made feature provided in the frontend and mobile SDKs.

New device notifications

Alert your users if a login is detected from a new device, IP address, or location so they can take immediate action if needed:

New device notifications guide

Detect new devices to trigger user notifications.

Additional ways to use Device Fingerprinting

Both features integrate Stytch’s Device Fingerprinting, which offers a device intelligence layer that can be used to prevent fraud and risk or provide device information as an additional user identifier. More examples on how to use Device Fingerprinting:

Invisible CAPTCHA

Add an invisible bot protection for a smooth user experience.

Prevent free trial abuse

Stop fake account creation abuse.

Block traffic by country

Use IP-based geographic filters for access control.

Remembered device

Add a remembered device flow.