New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Give IPs more trust if they already logged-in previously to the same account #492

Open
LukasReschke opened this Issue Jul 21, 2016 · 3 comments

Comments

5 participants
@LukasReschke
Member

LukasReschke commented Jul 21, 2016

If an user has already logged-in previously to an account it may be sensible to give them a little bit more trust. We should also clear the throttling limit for that account then in case they want to relogin later or so.

Needs some more discussion and thoughts…

@oparoz

This comment has been minimized.

Member

oparoz commented Jul 21, 2016

Hmmm. I'm not convinced as some IPs are recycled while others are spoofed. There is also the problem of a device which becomes infected with malware.

@tflidd

This comment has been minimized.

Contributor

tflidd commented Aug 2, 2016

I would do it the other way round, if it is an unusual location you must use second factor authentication.

@Spacefish

This comment has been minimized.

Contributor

Spacefish commented Aug 2, 2016

Maybe use maxmind geodb or just the class A network the user logged in
with. Once a new country or class A is spotted (which the user has never
logged in from before) lower the trust.

@nextcloud-bot nextcloud-bot added the stale label Jun 20, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment