Jump to content

Community

Option to turn off Login Notifications at user level.


Would you like to see this implemented ?  

13 members have voted

You do not have permission to vote in this poll, or see the poll results. Please sign in or register to vote in this poll.

Recommended Posts

Hello all, 

So this has already been bought up in different conversations as per the below links: 

https://invisioncommunity.com/forums/topic/452364-users-be-able-to-turn-off-new-device-notifications/ 
https://invisioncommunity.com/forums/topic/443405-choice-to-opt-out-of-new-device-login-emails/ 

I have to echo the feature request for this as per other members here. My forum is a tech community and while not only privacy conscious meaning they clean cookies and cache (Logging them out) and they are also sometimes using the site from multiple machines and upon logging in, keep getting login notifications which is irritating them.

So far as I know the ability to turn off Login Notifications via Email is GLOBAL. I, like others would like to see this become a user level option so users have the option of turning Login Notifications on or off as they see fit. 

I can see that it was at some point raised internally but it looks like nothing has happened since. Could we please get this implemented ?

 

Thanks,
P

Link to comment
Share on other sites

If these were turned offable by my bank I'd never know if someone was stealing my information. While it doesn't seem important in general it is since IPS has the ability to store information from an end user.

Link to comment
Share on other sites

I'm a bit wary about this too in all honesty. Someone may turn it off, forget about it, then in 6 months time something goes down behind-the-scenes with their account somehow and they aren't alerted to the fact. If there was some other security measure in place to supplement the login feature being turned off I'd be more inclined 😇 

Link to comment
Share on other sites

  • Management

I get these constantly from multiple services I use. I find some comfort in them. I do not think it's a good idea to weaken this feature.

Link to comment
Share on other sites

I personally disagree, I think users should be able to disable this under the premise that their account has 2FA enabled. While I understand the argument for forcing it on globally, I would suspect that having an account with 2FA would still render the account rather secure even with login notifications disabled.

Link to comment
Share on other sites

This is a depends situation, and will vary by community.

I want anyone with elevated permissions (moderators, etc.) to get these alerts, but we had resounding feedback from our general members to turn this off. We turned it off because it was all or nothing.

Administrator should be able to say:

  • "We talk about sensitive topics here, where access to anyone's account would be bad. This is a requirement here for everyone."
  • "We have lots of security conscious people here, so this should be the default for everyone, but recognize that some people will browse from a different place every time, or a private browser and be spammed every time they log in by this message, so let's give them the option to turn it off."
  • "We have certain usergroups that require a different setting on this. For Member group A, forcing this on and/or making this the default makes more sense. For member group B, turn this off completely, for Member group C, give them the choice and set it to off by default"
  • "This makes no sense for anyone here. Turn this off globally."

This should have the same configurability as two-factor authentication.

And.... sometimes the e-mail is too much. Give the configuration option (matching granularity above) to use notifications (or something like an announcement header) for this instead.

"Welcome back, Matt. Someone has logged into a new device since your last login. Click here to see device logins associated with your account."

Link to comment
Share on other sites

I had a few complaints about it from my members too, and I ended up fixing it by changing the logic for sending a new notification to not send it if it's from an IP that they have used previously (except moderators and admins, which I retain the old behaviour). Since making that change, I haven't had any complaints from members.

		if ( \IPS\Settings::i()->new_device_email && ($member->isAdmin() || $member->modPermission() ||
				\IPS\Db::i()->select('count(*)', 'core_members_known_ip_addresses',
					['member_id=? AND ip_address=?', $member->member_id, \IPS\Request::i()->ipAddress()]
				)->first() === 0) )

 

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

We use technologies, such as cookies, to customise content and advertising, to provide social media features and to analyse traffic to the site. We also share information about your use of our site with our trusted social media, advertising and analytics partners. See more about cookies and our Privacy Policy