Security at Kinde
Trust center
Attack protection is always on, and Kinde ships with sensible defaults to keep your product protected without you lifting a finger. There are some things you can configure.
Enumeration attacks are where an attacker tries to verify if an account exists using your credentials. One of the ways an attacker knows you have an account or not, is if they enter credenitals (e.g. email or phone number) and the screen either progresses to a password/code entry screen, or shows a message that the account does not exist.
Once an attacker knows an account exists, they can go about breaking in. To prevent them ever knowing, you can ensure that the sign in experience does not give the answer away.
For general information about Kinde security, practices, and policies, see the Trust Center.