Published on

How LoginLlama works

LoginLlama is a suspicious login detection platform that integrates into your existing authentication process and guards against fraudulent or malicious activity.

This post dives into how it works so you can trust its capabilities.

When a new login is sent, Loginllama looks at:

  • where it came from, based on the IP address
  • what device/browser the customer is using
  • what time of day it is for the potential user
  • have they logged in recently from elsewhere?

In isolation, one of these pieces of information is not tremendously helpful. But together, they form a picture of whether the customer is genuine.

We then study the customer's historical behaviour to analyse if this login is suspicious. If they regularly use an IP address from the UK to access the site, this would not flag up. But this would flag up if they tried with an IP address from somewhere else. These are added up to produce a "suspiciousness score".

As a final step, we look at these scores in Bollinger bands for the user's historical behaviour and then send the decision to an "AI judge" who adds some weight to the argument.

Loginllama will then report back on what it thinks. We weigh the various pieces of information to give you a "true" or "false". But regardless, we tell you why the login looks different (if at all).

The beauty of Loginllama is that the integration power is left to you. We don't require any specific flow. In other words, if for administrators, you want to make sure that they always login from the UK, using Chrome browsers and a Mac laptop. Then you can do that! On the other hand, for your regular users, you can allow VPNs and other browsers without setting off alarms. The decision is left to you.

We hope this has helped you understand how Loginllama works. If you would like more information, please book a call on Calendly here or reach out via Twitter.