Announcing impossible travel detection for all customers

Thinking about my own usage patterns, when I&#x27;m working from home my laptop is VPNed to somewhere reasonably close lag-wise, but certainly not within 50 miles of my house. Meanwhile my phone is studiously checking my inbox using either the local cell tower or my home WiFi.<p>So if I go look at my personal access logs, I see myself flitting back and forth across the country constantly. I wonder how they plan to filter out these incredibly common false positives without also clobbering detection of thoroughly-owned (consistently-flitting) accounts.

So if I&#x27;m browsing your site from a VPN, you&#x27;ll block me because of a datacenter IP. Then when I turn off my VPN to make your site work, you&#x27;ll block me because I traveled too fast to my new location.

&gt; We decided that &quot;reasonable&quot; was roughly the speed of sound.<p>I wonder whether they&#x27;ll remember to bump this up once commercial flights on the Boom Overture start.

Yes, because IP based geolocation is famously accurate.

If they&#x27;re not checking if it&#x27;s the same device (or if it&#x27;s a new device) that&#x27;s connecting from the new IP, they&#x27;re not really helping that much. Again, this is where client-based auth (preventative) is better than a spotty, reactive, response.