Improvements over Login
-
I use ASE from the first release for all websites. Kudos, great work!
First, could you please tell me how I can delete failed login attempts? There is almost 800 entries in 4 months.
[Request@LLA] Maybe improve as;
- Login attempts: After this number of failed login attempts the user and IP address will be temporarily blocked. // xx attempts
- Interval: If the number of failed login attempts is exceeded within this timeframe, the IP address and user will be blocked. // xx min.
- Lockout duration: The user and IP address will be temporarily unable to log in for the specified duration. // xx min.
- Trigger captcha on failed login attempts, -or always- as you know, Cloudflare Turnstile is a free CAPTCHA replacement.
- Region/County/City: If admin is only intended for users to login from specific geographical regions, you can entirely prevent logins from certain continents or countries.
- Event Log: It can alert the administrator by e-mail after a certain threshold for successful logins or failed login attempts.
Request@{Two-Factor Authentication}
Two-Factor authentication allows users to login using a second authentication method, other than their e-mail address and password. It is one of the most powerful ways to prevent account theft. You know.
- Authenticator App (TOTP) TOTP requires users to authenticate using a third-party app such as Google Authenticator. I’d like to see this feature.
I don’t prefer e-mail 2FA because e-mail verification sends a verification code to the user’s email address. This method provides protection against leaked or weak passwords, though it is less secure than other 2FA methods. If a user’s email inbox is compromised, one could still get access to the user account.
- You must be logged in to reply to this topic.