The reason for warnings about a new IP address from your bank and others

Most home networks are built in two intersecting pieces, neither of which you ever have to worry about:

• On the internet service provider (ISP) side, that company provides a public-facing internet protocol (IP) address that anyone in the world can reach. This is required to establish outgoing connections, too.
• On your local network side, the router provided by the ISP or one you purchased creates a private IP network that uses numbers from a reserved range that can’t be reached outside your local network.

Your router sits between the two, matching incoming and outgoing connections between public systems (like a website or email server) and devices on your network, like a Mac, iPhone, smart TV, or gaming system. Most of the time, you can blissfully ignore this.

However, what happens when you start receiving emails or texts from your bank or other sites that have personal financial, legal, or medical information that your information has changed? One reader started routinely receiving messages like this:

We detected a new sign in from a new location, device, application or browser:
Sign-in details:
SAFARI – MAC OS X
IP: [redacted]

Is this an attack? A sign of a breached account? It’s much more likely that the ISP started rotating through public addresses for the network’s internet-facing side. This could be for network management reasons, to make it easy to add and remove customers automatically without additional configuration. Or it might be a subtle ISP security measure to avoid your network being associated with a particular address over periods of time.

However, our reader started receiving these messages around January 1 of this year. I noticed at the same time that several medical and financial sites I use now constantly send me a code or require a form of second-factor authentication even if I already have a code-based or another method of two-factor enabled. This includes MyChart (by Epic, a massive medical-data information services company) that some of my doctors use, some banking accounts, and my mail-order prescription provider.

Did something change on January 1? To my knowledge, there was no regulatory change. I wonder if a quiet but strong recommendation went out from a federal cyber-security office to step up authentication. It would explain why our reader is seeing this suddenly and my stepped-up authentication requirements as well.

Regardless of the reason, you can confirm the address provided in an email alerting you of a login from a new location by going to the American Registry for Internet Numbers, an organization that manages IP addresses and assignments. Enter an IP address in field in the upper-right corner, click the search button, and the range to which it belongs will appear, likely the name of your ISP or a company they used to be or acquired. In our reader’s case, it revealed Charter, the operator of her Spectrum-branded service.

This Mac 911 article is in response to a question submitted by Macworld reader Pamela.

Ask Mac 911

We’ve compiled a list of the questions we get asked most frequently, along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com, including screen captures as appropriate and whether you want your full name used. Not every question will be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.