top | item 37936550

(no title)

jjjjoe | 2 years ago

Thinking about my own usage patterns, when I'm working from home my laptop is VPNed to somewhere reasonably close lag-wise, but certainly not within 50 miles of my house. Meanwhile my phone is studiously checking my inbox using either the local cell tower or my home WiFi.

So if I go look at my personal access logs, I see myself flitting back and forth across the country constantly. I wonder how they plan to filter out these incredibly common false positives without also clobbering detection of thoroughly-owned (consistently-flitting) accounts.

discuss

supriyo-biswas|2 years ago

This is a security product focused on the workplace, so they just need to mark their VPN IPs as trusted, or look at the flow logs between the user’s VPN packets to detect the original IP they’re connecting from.

chaps|2 years ago

GrubHub has this problem, kind of I think. If I'm on a VPN GrubHub will often deny access ("invalid password"...). Worse is, logging off of the VPN doesn't immediately help and neither does using another browser. Only thing I can do is wait until it decides to forget. Absolutely frustrating.

ComputerGuru|2 years ago

That’s almost certainly nothing related to location detection so much as it is the VPN block of IPs being marked as less trustworthy. Then there’s a cooldown on a flagged account that stops you even after disconnecting.

cypherg|2 years ago

this (practically ubiquitous use of VPNs) is the number one reason sec analysts hate impossible travel alerts lol.

A better technical solution is prevention of access via IP allowlisting and then only allowing specific (Corp VPN) addresses.