
Risk-Based Authentication

GoValid uses risk-based authentication to detect and prevent unauthorized access.

Overview

Risk-based authentication analyzes multiple signals during login to determine if a login attempt is legitimate or suspicious. Based on the risk score, additional verification may be required.

Risk Signals

GoValid analyzes the following signals:

| Signal | Description | Risk Level |
|---|---|---|
| Geolocation | Login location compared to usual locations | High |
| VPN/Proxy Detection | Whether the connection uses VPN or proxy | High |
| Device Fingerprint | New or unrecognized device | Medium |
| IP Reputation | IP address reputation and history | Medium |
| Time Pattern | Unusual login time | Low |
| Failed Attempts | Number of recent failed logins | High |

Risk Scoring

Each signal contributes to an overall risk score:

| Score Range | Risk Level | Action |
|---|---|---|
| 0-30 | Low | Allow login |
| 31-60 | Medium | Require 2FA |
| 61-100 | High | Require 2FA + email verification |

Login Flow

Low Risk Login

Enter credentials → Verified → Logged in

Medium Risk Login

Enter credentials → 2FA required → Enter 2FA code → Logged in

High Risk Login

Enter credentials → 2FA required → Enter 2FA code → Email verification → Logged in

VPN and Proxy Detection

GoValid detects connections from:

  • Known VPN services
  • Proxy servers
  • Tor exit nodes
  • Data center IPs

When detected:

  • Login is flagged as higher risk
  • Additional verification may be required
  • The event is logged for review

Geolocation Analysis

GoValid tracks your typical login locations:

  • Country and city
  • IP address ranges
  • Time zones

When a login comes from an unusual location:

  • Risk score increases
  • Additional verification may be required
  • You may receive a notification email

Login Risk Logs

All login attempts are logged with risk information:

{
  "timestamp": "2025-01-29T12:00:00Z",
  "user_id": 123,
  "ip_address": "203.0.113.1",
  "location": {
    "country": "ID",
    "city": "Jakarta"
  },
  "device": "Chrome on Windows",
  "risk_score": 25,
  "risk_level": "low",
  "signals": {
    "known_device": true,
    "known_location": true,
    "vpn_detected": false
  },
  "result": "success"
}
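
An added example (not GoValid's code): a Python triage pass over login risk log records in the format shown above, checking each record against the score bands from the Risk Scoring table. It assumes the records arrive as a JSON array of such objects and that a completed login is recorded as "result": "success"; the names band_for and review_reasons and the review rules themselves are hypothetical, not part of the GoValid API.

```python
import json

# Score bands and actions from the Risk Scoring table on this page.
BANDS = [(0, 30, "low", "allow login"),
         (31, 60, "medium", "require 2FA"),
         (61, 100, "high", "require 2FA + email verification")]

def band_for(score):
    """Map a 0-100 risk score to (risk_level, action) per the table."""
    if isinstance(score, bool) or not isinstance(score, int):
        raise ValueError(f"risk_score is not an integer: {score!r}")
    for low, high, level, action in BANDS:
        if low <= score <= high:
            return level, action
    raise ValueError(f"risk_score outside 0-100: {score}")

def review_reasons(rec):
    """Return the reasons one log record deserves a manual look (may be empty)."""
    try:
        level, _ = band_for(rec.get("risk_score"))
    except ValueError as exc:
        return [str(exc)]
    reasons = []
    if rec.get("risk_level") != level:
        reasons.append(f"risk_level {rec.get('risk_level')!r} disagrees with score band {level!r}")
    signals = rec.get("signals") or {}
    if rec.get("result") == "success":  # assumed value for a completed login
        if level == "high":
            reasons.append("high-risk login succeeded")
        if signals.get("vpn_detected"):
            reasons.append("successful login through VPN/proxy")
        if signals.get("known_device") is False and signals.get("known_location") is False:
            reasons.append("new device and new location together")
    return reasons

# Constructed sample records (the first mirrors the example on this page).
SAMPLE = json.loads("""[
 {"timestamp":"2025-01-29T12:00:00Z","user_id":123,"risk_score":25,"risk_level":"low",
  "signals":{"known_device":true,"known_location":true,"vpn_detected":false},"result":"success"},
 {"timestamp":"2025-01-29T12:05:00Z","user_id":123,"risk_score":72,"risk_level":"high",
  "signals":{"known_device":false,"known_location":false,"vpn_detected":true},"result":"success"},
 {"timestamp":"2025-01-29T12:09:00Z","user_id":123,"risk_score":45,"risk_level":"low",
  "signals":{"known_device":true,"known_location":true,"vpn_detected":false},"result":"success"},
 {"timestamp":"2025-01-29T12:11:00Z","user_id":123,"risk_score":130,"signals":{},"result":"success"}
]""")

if __name__ == "__main__":
    for rec in SAMPLE:
        print(rec["timestamp"], review_reasons(rec))
```

A record whose risk_level disagrees with its score band, or whose score is outside 0-100, points to a parsing or data problem rather than a risky login, so it is reported on its own.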

Viewing Login History

  1. Go to Account → Security → Login History
  2. View all recent login attempts
  3. Filter by risk level
  4. Review details for each attempt

Notifications

You receive notifications for:

  • Login from new device
  • Login from new location
  • High-risk login attempt
  • Multiple failed login attempts

Notification Channels

  • Email (always)
  • Push notification (if enabled in mobile app)
  • In-app notification

Developer option: API access

Get Login Risk Logs

curl https://api.govalid.org/api/v1/account/security/logs/ \
-H "Authorization: Bearer YOUR_TOKEN"

Get Risk Settings

curl https://api.govalid.org/api/v1/account/security/risk-settings/ \
-H "Authorization: Bearer YOUR_TOKEN"

Best Practices

  1. Enable 2FA: Adds protection even if credentials are compromised
  2. Review login history: Check for suspicious activity regularly
  3. Keep contact info updated: Ensure notification emails reach you
  4. Use trusted devices: Mark your regular devices as trusted
  5. Report suspicious activity: Contact support if you see unauthorized access