Users should be informed when a login attempt (successful or otherwise) is made for their account that could be potentially suspicious. What constitutes a suspicious login is yet to be defined; it will consist of mostly fuzzy criteria that will be easy enough to spoof, but spoofing them will require quite significant effort on the attacker's part to make it work.
Some initial loose criteria for consideration:

- Logins from impossible locations (e.g. login 1 made in London, next login made 20 minutes later in NYC)
- Logins from different devices (e.g. login 1 made on a desktop, next login on an Android phone, next login on an iPhone)
- Logins from spoofed user agents (a user agent that doesn't quite match the expected format, perhaps deviating from a set of pre-defined formats)
Hey 👋 Stumbled across this issue from your Twitter.
I've actually built this already! It supports all of these criteria and more! :)
Would love to hear your feedback.