We’ve enhanced Bot Detection by removing rate limits and improving UX with the addition of Google reCAPTCHA enterprise.
Auth0 customers with high volume accounts can enable reCAPTCHA Enterprise to block bots and scripted attacks without worrying about rate limits that threaten failed logins when exceeded.
Background
Credential stuffing attacks can overwhelm customers with unwanted attack traffic. A successful attack will result in account takeover for one or many of their users.
Bot detection mitigates scripted attacks by using the Auth0 risk engine to detect when a request is likely to be coming from a bot. It then presents these requests with a CAPTCHA challenge in the login flow.
Auth0 provides customers the option to choose their CAPTCHA provider based on their needs.
While existing options are awesome at blocking bots, users with high volume accounts found they were bumping up against limits on how many requests they could assess and challenge.
Previously, if a customer reached a rate limit on the number of requests their bot detection engine can process, their login flow gets held up, meaning human users would actually be unable to login. This not only frustrates users, but can also mean a surge of angry calls to the customer support organization.
What Changed
With the addition of reCAPTCHA enterprise, high volume customers can scale up their bot protection with virtually limitless capacity to inspect and challenge bot requests, ensuring that their human users can log in with minimal friction, even while bot traffic surges.
You can learn more about Auth0 Bot Detection here.
Rollout
This feature is generally available. If you cannot see the toggle to enable this feature, you may need to upgrade your plan.
Have Feedback?
If you have suggestions on how we can continue to make our product better, please let us know below in the comments.