In the current login system, there is this security feature where if someone logs in to an account using a different IP address than the one the account normally uses, they will have to verify themselves using their email address even if it's the same device that they always use. This can be annoying to users who use VPNs or have an IP address that changes pretty quickly. This can also be a problem if a user deletes their email. The only way to disable this security feature is to enable 2FA. Email Verification is a good way to keep hackers out unless your email password is the same as your Discord password.
Here are some ideas that can improve the login system.
- Don't only just remember IP addresses, but also remember devices where even if someone logs into their account from a different IP address on the same device it will skip email verification
- Add another security feature where if a user logs in to an account using a token it will require email verification or 2FA verification to change account security settings. This won't happen on devices that are logged into using the username and password. This will help users who are victim of account thefts get their accounts back easily.
Войдите в службу, чтобы оставить комментарий.