I kind of hate getting these emails, but they do serve a useful purpose of letting people know when their accounts have been accessed.
There are good ways to do these (like putting a permacookie on any browser where somebody has signed in), but the easy way is to just send the email whenever somebody signs into CL.
I don't think we need this yet because:
we don't have a lot of private data yet
impersonation attacks are pretty mild
etc.
But we should have it on our radar as a future security/privacy enhancement (it's also a good one for a volunteer to take on!).
I kind of hate getting these emails, but they do serve a useful purpose of letting people know when their accounts have been accessed.
There are good ways to do these (like putting a permacookie on any browser where somebody has signed in), but the easy way is to just send the email whenever somebody signs into CL.
I don't think we need this yet because:
But we should have it on our radar as a future security/privacy enhancement (it's also a good one for a volunteer to take on!).