Castle uses behavioral data to predict which users are likely a security risk. By evaluating a variety of risk factors, such as access from a new city, changing internet service provider, or connecting from a VPN, the system requests additional identity verification for high-risk scenarios. This provides a strong security experience for your entire user base while remaining transparent to the majority of the users.
Track attempted logins and challenges from your server. This will make sure Castle catches bad actors even though they have not loaded Castle.js, and collects activity essential for detecting password guessing and account checking. It also collects user challenge information, necessary to automatically tune your implementation to minimize false alerts.
Use the Authentication endpoint to deploy a fully automated security workflow where your users resolve their own security alerts. Your team should only have to engage with threats when there has been an actual account takeover.