Confluent Cloud Security Protections for Authentication

Confluent monitors authentication attempts to Confluent Cloud user accounts to detect anomalies and protect your Confluent Cloud resources from unauthorized access. When suspicious behavior is detected, Confluent uses the following security protections to safeguard your Confluent Cloud resources.

Detect compromised passwords

When a local user attempts to sign in to Confluent Cloud, Confluent monitors the authentication attempt and during the sign-in compares the user credentials (a combination of an email address and a password) against a list of known compromised user credentials. If the user credentials match a known compromised email address and password combination, the user is blocked from signing in and is required to reset their password.

Because users sometimes reuse the same email address and password across multiple websites and services, attackers often attempt to use compromised user credentials obtained from a security breach or data leak at one website or service to attempt to sign in to other websites or services. By comparing a user’s credentials against the list of known compromised user credentials, Confluent can detect and prevent unauthorized access to Confluent Cloud user accounts and resources.

Note

Confluent never stores user passwords in plain text.

Upon detecting compromised user credentials, Confluent performs the following steps:

  1. The user account is blocked until the password is reset.
  2. The user receives an email notification informing them about the risk and instructing them to reset their password to regain access to their account. The message includes a password reset link that is valid for one hour.

Prevent brute force attacks

In an effort to gain access to Confluent Cloud user accounts and resources, attackers sometimes use brute force attacks to repeatedly attempt to sign in to user accounts. Brute force attacks are typically automated and systematically work through a dictionary of possible passwords to find the correct password for a user account.

To prevent brute force attacks, Confluent tracks the number of failed sign-in attempts to a Confluent Cloud user account from a specific IP address. After exceeding the threshold for the number of failed sign-in attempts, the suspicious IP address is blocked from signing in to Confluent Cloud. The user can reset the password for their account to unblock the specific IP address or contact Confluent Support to unblock the IP address.

Throttle suspicious IP addresses

If a malicious actor rapidly attempts to sign in to a Confluent Cloud user account or sign up for Confluent Cloud user accounts from a specific IP address, and after exceeding login attempts, the IP address is blocked from sign-in to the user account on Confluent Cloud and the Confluent Support Portal. If the user uses different credentials to log into the Confluent Support Portal, the password must be individually reset on the Support Portal as well to regain access to the Support Portal.