Forum Discussion
Code - 50173
Hi, I see a number of Risky Sign-ins with the code 50173 - Fresh auth token is needed. Have the user re-sign using fresh credentials. And the status is "Failure". But I noticed the IP address c...
I think is not MFA. This is the failure reason.
Sign-in error code : 50173
Failure reason: Fresh auth token is needed. Have the user re-sign using fresh credentials.
I assume someone out there is trying to established the connection. But I wasn't sure whether by "token auth", does it mean somebody has successfully created/login to the account before.
I haven't seen this before.
A token is given to the user after successful authentication.
The error makes it seem that the token is expired, which would indicate that the user has signed into that device before.
Thijs Lecomte
Is this anything we can do based on the information captured by the Sign-In data? Like the IP address of the session? Block it or any security measure? Thanks.- I would check with the user first to double check if the alert was legit.
If it wasn't legit, blocking an IP doesn't help much as attackers change IP addresses every minute.
I would advise you to check how the attacker was able to log into the account and work from there
