Ask HN: Why do companies implement GEO-based login checks?
As someone who often travels, I find myself locked out of services such as GitLab because I'm trying to authenticate in another country.
Is it really that unusual? Less that travel is unusual more often than not it's that company data is not allowed outside of host country. This could be laws straight up blocking it or just the unfavorable legal risk that comes with it that makes your IT department implement stuff like this. Also it's great addition for multi layered passwordless security :) another tool in the box. Is it really that unusual? Not unusual but it depends on the implementation. Usually this is done to prevent credential stealing/sharing. There should be logic that measures time from logging in from one location to another. e.g. If you logged in from NYC and then tried to log in from Istanbul 30 minutes later then based on the limitations of transportation logistics it should be logical to block that attempt. Another use case for geological based checks would be checking the box to attempt to block countries that are legally sanctioned. And then there is the topic of VPN's and what to do about them. This is just my opinion but I would open a case and ask for more details from them as to what happened and why.