Improvements over Login

I use ASE from the first release for all websites. Kudos, great work!

First, could you please tell me how I can delete failed login attempts? There is almost 800 entries in 4 months.

[Request@LLA] Maybe improve as;

• Login attempts: After this number of failed login attempts the user and IP address will be temporarily blocked. // xx attempts

• Interval: If the number of failed login attempts is exceeded within this timeframe, the IP address and user will be blocked. // xx min.
• Lockout duration: The user and IP address will be temporarily unable to log in for the specified duration. // xx min.
• Trigger captcha on failed login attempts, -or always- as you know, Cloudflare Turnstile is a free CAPTCHA replacement.

• Region/County/City: If admin is only intended for users to login from specific geographical regions, you can entirely prevent logins from certain continents or countries.
• Event Log: It can alert the administrator by e-mail after a certain threshold for successful logins or failed login attempts.

Request@{Two-Factor Authentication}

Two-Factor authentication allows users to login using a second authentication method, other than their e-mail address and password. It is one of the most powerful ways to prevent account theft. You know.

• Authenticator App (TOTP) TOTP requires users to authenticate using a third-party app such as Google Authenticator. I’d like to see this feature.

I don’t prefer e-mail 2FA because e-mail verification sends a verification code to the user’s email address. This method provides protection against leaked or weak passwords, though it is less secure than other 2FA methods. If a user’s email inbox is compromised, one could still get access to the user account.