Update on Low Sign in Success Rate

Brief:

Sign in success rate by filtering out attempts that are being blocked

Link to DOMO: https://traveloka.domo.com/page/1910225800/kpis/details/1144120438

While filtering out blocked attempts increased the success rate, we haven't seen the desired result (close to the 40% rate seen in the app).

The failure to raise the success rate is because attackers are able to get through our defense mechanisms (mainly rate limit and IP velocity).

Sign in Actual status on Desktop

Link to DOMO: https://traveloka.domo.com/page/1654913277/kpis/details/975384956

As attacks were happening on 24 October, we see that a majority of attempts are still being categorized as WRONG_USERNAME_OR_PASSWORD. This means that these attempts were not blocked by the rate limiter/IP velocity. Had the current strategy been effective, we'd see more attempts getting blocked at the time of the attack, with a similar number of genuine unsuccessful attempts during the time frame.

Based on previous analysis of anomalous sign-in attempts, we're confident that we'd be able to block brute-force attempts by success rate. A test on staging with production data has confirmed that the API managed to identify these IPs as VERY_EVIL (222.124.151.85, 112.78.191.254, 181.112.139.58, 103.102.0.35). These IPs are the top contributors to the number of attempts in September and happen to have a low success rate (<1% as defined in the current rule).
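A sketch of the success-rate rule described above, added here as an illustration and not the production API's code. The <1% threshold, the VERY_EVIL label and the WRONG_USERNAME_OR_PASSWORD status come from this update; the SUCCESS status name, the OK label, the 100-attempt volume floor and the sample events (documentation-range IPs) are assumptions constructed for the example.

```python
from collections import defaultdict

SUCCESS_RATE_THRESHOLD = 0.01  # "<1%" as stated for the current rule
MIN_ATTEMPTS = 100             # assumption: volume floor before an IP is judged


def classify_ips(events, min_attempts=MIN_ATTEMPTS, threshold=SUCCESS_RATE_THRESHOLD):
    """events: iterable of (ip, status). Returns {ip: (attempts, success_rate, label)}."""
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for ip, status in events:
        attempts[ip] += 1
        if status == "SUCCESS":  # assumed name of the successful sign-in status
            successes[ip] += 1
    result = {}
    for ip, n in attempts.items():
        rate = successes[ip] / n
        # Both conditions are required: without the volume floor, one user
        # who mistypes a password three times would have a 0% success rate.
        evil = n >= min_attempts and rate < threshold
        result[ip] = (n, rate, "VERY_EVIL" if evil else "OK")
    return result


def blocked_ips(events):
    """Sorted list of IPs the rule would block."""
    verdicts = classify_ips(events)
    return sorted(ip for ip, (_, _, label) in verdicts.items() if label == "VERY_EVIL")


def build_sample_events():
    """Constructed sample data, not production logs."""
    fail = "WRONG_USERNAME_OR_PASSWORD"
    events = []
    # High volume, 2 successes in 500 attempts (0.4%): brute-force profile.
    events += [("203.0.113.10", fail)] * 498 + [("203.0.113.10", "SUCCESS")] * 2
    # High volume but 40% success: many genuine users behind one shared IP.
    events += [("198.51.100.7", "SUCCESS")] * 120 + [("198.51.100.7", fail)] * 180
    # Three failures, no success: below the volume floor, so not judged.
    events += [("192.0.2.55", fail)] * 3
    return events


if __name__ == "__main__":
    for ip, (n, rate, label) in sorted(classify_ips(build_sample_events()).items()):
        print(f"{ip:15} attempts={n:4d} success_rate={rate:7.2%} {label}")
```

The comparison is strict, so an IP sitting at exactly 1% is not blocked; the volume floor and the evaluation window are the parameters to tune against genuine shared-IP traffic.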

We're expecting to have the new IP blocking implemented by the middle of next week: