This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Report suspicious login attempts #4556
Labels
T-Enhancement
New features, changes in functionality, improvements in performance, or user-facing enhancements.
z-feature
(Deprecated Label)
z-p2
(Deprecated Label)
Description: Most services seem to implement this to alert users to break-ins. We should consider at least support sending a notification and optionally locking the account until verified through email or another medium.
It's not a major problem if people don't re-use passwords, but it happens.
To break this down further, I'd like to propose having different levels of security ranging from just checking if the user has signed in from a different region, to checking if the users IP address has changed. This would be useful for people who want a paranoid mode.
In terms of spec, this would require the concept of an account being "locked" as well as an
account_data
type which could store the security level required to trigger a lock. I've mentioned it in synapse first because a server-level alert only (not locking the account) config option would require no spec changes.The text was updated successfully, but these errors were encountered: