AIARCOASC Docs

Account Protector

Account-takeover and credential-stuffing defence with breached-password detection.

What it is

Account Protector instruments your login, signup and password-reset flows. It scores each attempt for risk (geo anomaly, velocity, device reputation), checks submitted passwords against breach corpora and flags compromised accounts.

When to use it

  • Block credential stuffing without locking out humans.
  • Force a step-up when a user logs in from a new device + new country.
  • Notify users whose passwords appear in a public breach.

Quickstart

asc shield account-protector enable example.com --login-route /login --signup-route /signup
asc shield account-protector events list --since -24h
client.shield.account_protector.enable('example.com', login_route='/login', signup_route='/signup')
await client.shield.accountProtector.enable('example.com', { loginRoute: '/login', signupRoute: '/signup' });

Limits & quotas

LimitDefaultBurstNotes
Breach corpus updateWeekly
Risk score0–100Configurable thresholds

Pricing

See pricing. Pay-as-you-go, billed monthly via Stripe.

API surface

  • POST /v1/shield/account-protector/enable
  • GET /v1/shield/account-protector/events

Required scope(s): shield:write. See Scopes.

Security

All access is authenticated and scoped. See Auth & scopes and Network controls.