Send warnings when someone logs into your account with 2FA

Hello,

I recently got an idea regarding Google Authentificator and I wanted to share it here,

As some of you may know, 2FA email verification can sometimes be bypassed by hackers if they manage to know your account password. Some people (like Roblox advises in Security tab Settings) enabled Google Auth 2FA instead of Google Auth AND 2FA Email Verification.

However when you only enable Google Auth, you will no longer receive emails about login unlike 2FA Email.

  • My idea was maybe to add a login attempt email warning such as “Someone tried to log into your account”
    Or maybe it could be a SMS or something you can select between SMS or Email message warning.

  • Also thought about shared devices on the account like several websites are doing (such as instagram for example) maybe adding the ability to log a device off the account after entering the account password would be a good idea? However I do not think the IP should be shown for security reasons

You can share your opinions via replies I’d gladly read them :slight_smile:

Good day!

9 Likes

I like your suggestions.

It would be nice if it were similar to the security features provided by DevForum.

Here we can check from which devices the account was logged, and close it for each one. In addition, it gives us other information, such as the time of last connection and location.

And the option of being able to link Yubikey or other physical keys to 2FA. Those would be 3 good suggestions. :slightly_smiling_face:

1 Like

Yes! exactly what I was thinking about, I forgot to mention Devforum’s one maybe if we get a password request to log devices off it should be helpful and we also would be certain nobody is on our account by looking at the connected devices if Roblox did it here, I am certain they can do it for the main website.