Account Protector
Account-takeover and credential-stuffing defence with breached-password detection.
What it is
Account Protector instruments your login, signup and password-reset flows. It scores each attempt for risk (geo anomaly, velocity, device reputation), checks submitted passwords against breach corpora and flags compromised accounts.
When to use it
- Block credential stuffing without locking out humans.
- Force a step-up when a user logs in from a new device + new country.
- Notify users whose passwords appear in a public breach.
Quickstart
asc shield account-protector enable example.com --login-route /login --signup-route /signup
asc shield account-protector events list --since -24hclient.shield.account_protector.enable('example.com', login_route='/login', signup_route='/signup')await client.shield.accountProtector.enable('example.com', { loginRoute: '/login', signupRoute: '/signup' });Limits & quotas
| Limit | Default | Burst | Notes |
|---|---|---|---|
| Breach corpus update | Weekly | — | |
| Risk score | 0–100 | — | Configurable thresholds |
Pricing
See pricing. Pay-as-you-go, billed monthly via Stripe.
API surface
POST /v1/shield/account-protector/enableGET /v1/shield/account-protector/events
Required scope(s): shield:write. See Scopes.
Security
All access is authenticated and scoped. See Auth & scopes and Network controls.