Account Takeover Prevention Policy

This policy outlines Vibble’s protections against account compromise, credential theft, and unauthorized access attempts.

1. User-Facing Protections

  • Mandatory MFA prompts for high-risk logins
  • Device and session management dashboard
  • Biometric login support (where available)
  • Suspicious login alerting + email push notifications

2. System-Level Protections

  • Credential stuffing detection
  • Impossible travel and risk-based scoring
  • IP reputation filtering
  • Real-time lockouts after risky behavior patterns

3. High-Risk Accounts

Politicians, journalists, organizations, and verified accounts receive additional security:

  • Mandatory MFA
  • Enhanced login challenge flows
  • Threat monitoring for targeted attacks

4. Recovery Procedures

  • Identity verification checks
  • Review of login logs and device signatures
  • Forced logout across all sessions

5. Contact

Security Support: security@vibble.com
Account Recovery: recovery@vibble.com
Nexa-Group Security: security@nexa-group.org

Esta resposta foi útil? 0 Utilizadores acharam útil (0 Votos)

Mais Popular

Security Practices Disclosure

Security Practices Disclosure This disclosure outlines Vibble’s enterprise-grade...
Bug Bounty & Vulnerability Disclosure Program

Bug Bounty & Vulnerability Disclosure Program This program outlines safe-harbor...
Penetration Testing & Red-Team Disclosure Statement

Penetration Testing & Red-Team Disclosure Statement This statement outlines...
Rate Limiting & Abuse Prevention Policy

Rate Limiting & Abuse Prevention Policy This policy defines how Vibble protects...
Incident Response & Breach Notification Policy

Incident Response & Breach Notification Policy This policy governs how Vibble...