Aug 7, 2025

We’ve improved our bot detection model to strike a better balance between security and user experience, with specific gains for tenants whose users frequently access resources via VPN.

Highlights of this update include:

Reduced false positives for VPN users: The model now more effectively distinguishes between legitimate users and bots, even when traffic originates from shared IPs or anonymized networks.
Improved user experience without compromising security: These updates are designed to reduce unnecessary friction for valid users while maintaining strong defenses against automated threats.

This enhanced security capability is now available to all Enterprise customers with the Attack Protection add-on. The rollout is currently underway and will be completed over the coming weeks in alignment with individual customer release schedules.

For activation details or to learn more about protecting your applications, please refer to our documentation or contact your account team. We're committed to helping you stay secure in an evolving threat landscape.

What changed: When the user's email is available, Auth0 will now send an email notification for brute‑force blocks in all identifier scenarios (e.g., phone, username), supplementing existing delivery rules.

Why it matters: Ensures users receive blocking notifications consistently even when logging in via phone or username, improving visibility and response.

To learn more about Brute Force Protection read on online documentation here

We’ve improved our bot detection model to strike a better balance between security and user experience, with specific gains for tenants whose users frequently access resources via VPN.

Highlights of this update include:

Reduced false positives for VPN users: The model now more effectively distinguishes between legitimate users and bots, even when traffic originates from shared IPs or anonymized networks.
Improved user experience without compromising security: These updates are designed to reduce unnecessary friction for valid users while maintaining strong defenses against automated threats.

This enhanced security capability is now available to all Enterprise customers with the Attack Protection add-on. The rollout is currently underway and will be completed over the coming weeks in alignment with individual customer release schedules.

For activation details or to learn more about protecting your applications, please refer to our documentation or contact your account team. We're committed to helping you stay secure in an evolving threat landscape.

We’ve improved our bot detection model to strike a better balance between security and user experience, with specific gains for tenants whose users frequently access resources via VPN.

Highlights of this update include:

Reduced false positives for VPN users: The model now more effectively distinguishes between legitimate users and bots, even when traffic originates from shared IPs or anonymized networks.
Improved user experience without compromising security: These updates are designed to reduce unnecessary friction for valid users while maintaining strong defenses against automated threats.

This enhanced security capability is now available to all Enterprise customers with the Attack Protection add-on. The rollout is currently underway and will be completed over the coming weeks in alignment with individual customer release schedules.

For activation details or to learn more about protecting your applications, please refer to our documentation or contact your account team. We're committed to helping you stay secure in an evolving threat landscape.

What changed: When the user's email is available, Auth0 will now send an email notification for brute‑force blocks in all identifier scenarios (e.g., phone, username), supplementing existing delivery rules.

Why it matters: Ensures users receive blocking notifications consistently even when logging in via phone or username, improving visibility and response.

To learn more about Brute Force Protection read on online documentation here

We’ve improved our bot detection model to strike a better balance between security and user experience, with specific gains for tenants whose users frequently access resources via VPN.

Highlights of this update include:

Reduced false positives for VPN users: The model now more effectively distinguishes between legitimate users and bots, even when traffic originates from shared IPs or anonymized networks.
Improved user experience without compromising security: These updates are designed to reduce unnecessary friction for valid users while maintaining strong defenses against automated threats.

This enhanced security capability is now available to all Enterprise customers with the Attack Protection add-on. The rollout is currently underway and will be completed over the coming weeks in alignment with individual customer release schedules.

For activation details or to learn more about protecting your applications, please refer to our documentation or contact your account team. We're committed to helping you stay secure in an evolving threat landscape.

What changed: When the user's email is available, Auth0 will now send an email notification for brute‑force blocks in all identifier scenarios (e.g., phone, username), supplementing existing delivery rules.

Why it matters: Ensures users receive blocking notifications consistently even when logging in via phone or username, improving visibility and response.

To learn more about Brute Force Protection read on online documentation here

We’ve improved our bot detection model to strike a better balance between security and user experience, with specific gains for tenants whose users frequently access resources via VPN.

Highlights of this update include:

Reduced false positives for VPN users: The model now more effectively distinguishes between legitimate users and bots, even when traffic originates from shared IPs or anonymized networks.
Improved user experience without compromising security: These updates are designed to reduce unnecessary friction for valid users while maintaining strong defenses against automated threats.

This enhanced security capability is now available to all Enterprise customers with the Attack Protection add-on. The rollout is currently underway and will be completed over the coming weeks in alignment with individual customer release schedules.

For activation details or to learn more about protecting your applications, please refer to our documentation or contact your account team. We're committed to helping you stay secure in an evolving threat landscape.

What changed: When the user's email is available, Auth0 will now send an email notification for brute‑force blocks in all identifier scenarios (e.g., phone, username), supplementing existing delivery rules.

Why it matters: Ensures users receive blocking notifications consistently even when logging in via phone or username, improving visibility and response.

To learn more about Brute Force Protection read on online documentation here

We’ve improved our bot detection model to strike a better balance between security and user experience, with specific gains for tenants whose users frequently access resources via VPN.

Highlights of this update include:

Reduced false positives for VPN users: The model now more effectively distinguishes between legitimate users and bots, even when traffic originates from shared IPs or anonymized networks.
Improved user experience without compromising security: These updates are designed to reduce unnecessary friction for valid users while maintaining strong defenses against automated threats.

This enhanced security capability is now available to all Enterprise customers with the Attack Protection add-on. The rollout is currently underway and will be completed over the coming weeks in alignment with individual customer release schedules.

For activation details or to learn more about protecting your applications, please refer to our documentation or contact your account team. We're committed to helping you stay secure in an evolving threat landscape.

What changed: When the user's email is available, Auth0 will now send an email notification for brute‑force blocks in all identifier scenarios (e.g., phone, username), supplementing existing delivery rules.

Why it matters: Ensures users receive blocking notifications consistently even when logging in via phone or username, improving visibility and response.

To learn more about Brute Force Protection read on online documentation here

Jul 31, 2025

Introducing a new capability for log streaming: PII Masking.

This feature allows customers to obfuscate (hash or mask) sensitive personal identifiable information (e.g., email address, phone number, username, etc.) within their log streams. This enhancement improves security and compliance for customers who stream their logs to data lakes or third-party tools.

Key Features:

Customizable PII Masking: Customers can select specific PII data to be masked in their log streams.
Enhanced Security and Compliance: This capability helps customers meet stricter compliance requirements by providing greater control over sensitive data in their logs.
Broad Applicability: PII masking will be available for both new and existing log streams.