We're sending email notifications about sign-ins. However, they provide very few details: username and time of email.
With sign-ins taking just a few seconds thanks to password managers, it is easy to quickly forget about the sign-in, making checking the mailbox scary.
Some info we may want to add to these notifications:
- OS (name, version);
- Browser (name, version);
- IP address;
- Possible geographical location of IP address.
Some things we need to think of and keep in mind if implementing:
- this needs to be included in the Privacy Policy;
- resolution of geolocation should happen locally (offline) on the server using some offline database like db-ip.com:
  - framasoft. (both country and city available as <year>-<month> or latest, both regular and .gz)
  - need to find a Go package to work with mmdb, or use csv. (they seem to take the same space gzipped)
- maybe make this opt-out;
- I guess the email server currently stores all notifications sent. It will be better for privacy not to store these notifications after this is implemented.
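
One way the offline lookup could work with the CSV form of the database, as an added example that is not part of the original issue or the project's code. The three-column start,end,country layout, the names `ipRange`, `loadRanges` and `lookup`, and the sample rows (documentation-only address blocks with made-up country codes) are assumptions.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"net/netip"
	"sort"
	"strings"
)

type ipRange struct {
	start, end netip.Addr // inclusive bounds of one CSV row
	country    string     // country code from the third column
}

// loadRanges parses start,end,country rows, sorted by start; bad rows are skipped.
func loadRanges(data string) ([]ipRange, error) {
	rd := csv.NewReader(strings.NewReader(data))
	rd.FieldsPerRecord = 3    // fail on rows that are not exactly three columns
	rows, err := rd.ReadAll() // rows is nil when err is set
	var out []ipRange
	for _, r := range rows {
		s, err1 := netip.ParseAddr(r[0])
		e, err2 := netip.ParseAddr(r[1])
		if err1 == nil && err2 == nil {
			out = append(out, ipRange{s, e, r[2]})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].start.Less(out[j].start) })
	return out, err
}

// lookup returns the country for remote, or "" if unparsable, private or not listed.
func lookup(ranges []ipRange, remote string) string {
	ip, err := netip.ParseAddr(remote)
	ip = ip.Unmap() // ::ffff:a.b.c.d is looked up as the IPv4 address it wraps
	if err != nil || ip.IsPrivate() || ip.IsLoopback() {
		return ""
	}
	i := sort.Search(len(ranges), func(i int) bool { return ip.Less(ranges[i].start) })
	if i == 0 || ranges[i-1].end.Less(ip) { // ranges[i-1] is the last range starting at or before ip
		return ""
	}
	return ranges[i-1].country
}

func main() {
	ranges, _ := loadRanges("192.0.2.0,192.0.2.255,AA\n198.51.100.0,198.51.100.255,BB\n") // constructed rows
	fmt.Println(lookup(ranges, "198.51.100.7"))
}
```

An empty result lets the notification leave the location out rather than guess, and nothing about the sign-in leaves the server during the lookup.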