Would additional validation & verification checks during the Plato login process be helpful for you?
The Login Guard module would add an additional layer of security to the Plato login process.
During user registration or upon a successful login for existing users Plato will calculate a unique signature representing the users IP address, geographic location & browser user agent string.
Upon subsequent successful logins this unique signature will be re-calculated and compared against the existing signature stored within the Plato database. If the signatures differ the account will be automatically locked and an email sent to the account owner asking them to verify the new login attempt.
If the user accepts the new login attempt via the email notification the newer unique signature will be persisted to the database ensuring the user is not prompted again until the signature changes.
Below is an example of the email that would be sent to users...
Hey there, We noticed a new sign in to your Plato account. Date & Time: September 28, 2019 at 5:06 PM GST IP Address (Location): 184.108.40.206 (London, England, United Kingdom) If this was you, please click the link below to allow the new login location... http://example.com/account/verify If you have not signed into Plato recently and believe that someone else may have accessed your account, please change your password immediately. Also, please check the “Sessions” section of your Plato account page, and click “Log Out Other Sessions” if the locations look suspicious or unfamiliar.
If this feature would be helpful for you, your team or business please up-vote this idea to ensure it's prioritised for a future release of Plato.
If you have your own ideas for how this feature should work we would love to hear. Please post your comments here and we'll happily discuss further. Use the "Login to Comment" or "Add Comment" button in the upper right to post your comments. We look forward to hearing from you.
Plato - Better Together