Impossible travel

Impossible travel refers to a situation where a user's actions suggest they have accessed a particular system or resource from two different geographic locations within an impossibly short amount of time.

For example, if a user logs into their account from New York and then, within a few minutes, appears to log in from London, it would be considered impossible travel. This kind of activity often indicates a security breach or a compromised account, as it would be physically impossible to travel between those locations in such a short time.

Prerequisites

There are no prerequisites for detecting impossible travel.

Configure impossible travel

In the Frontegg portal

You can choose from the following actions when a user performs impossible travel:

Allow - Let the user continue to the app.
Challenge - Challenge the user with MFA. If they pass, they continue to the app.
Block - Block the login attempt.

impossible-travel-1

Allow - The user is allowed to continue to the app.
Challenge - The user will get an MFA challenge. If they pass, they continue to the app. If they fail, their login gets blocked.
Block - The user will receive a failed login message.

Notify end users of impossible travel

You can choose to notify users of possible impossible travel attempts by checking the relevant checkbox.

impossible-travel-2

Analyzing impossible travel in your app

Security events

If you’re curious how many times impossible travel events happen in your app, you can view them over time in Security Events to see when and where they occurred.