This entry is about our IPS Community Suite 4.2 release.
One of our more technically-oriented features for 4.2, we have added more detailed logs of user logins, and the devices and IP addresses used. This brings several new features:
Notification of a new device sign in
If enabled, users can receive an email notification when a new device is used to log into their account:
When a user signs in for the first time, a special key is set to recognise the browser on subsequent logins. This mean the notification email does not trigger on a new IP address, which would be annoying when travelling or if using a network where the IP address changes regularly. Instead, the notification is only triggered if someone signs into your account from a new physical device or web browser.
UserCP Device Management
If enabled, a new page will show in the user's settings page showing all the devices which have been used to log into their within the last 90 days (which is recent enough that could still be logged in if "Remember Me" was checked).
Users can see the device, browser, physical location (obtained by a GeoIP lookup) and if applicable, how the login was processed (for example, if the sign in was with Facebook or Twitter, this will show). If they chose "Remember Me" when logging in, they can undo that (handy if you realise you accidentally left yourself signed in on a public computer).
If they see anything they don't recognise, a page to walk them through the necessary steps to re-secure their account is available.
New Two-Factor Authentication Setting
"Logging into the front-end" is one of the options of when to prompt for Two Factor Authentication. In 4.2, this has been separated into two distinct settings:
- Logging into the front-end from a new device
- Logging into the front-end from a known device
If you enable the former, but not the latter, and the user has previously logged in devices, the system will automatically show an explanation to users alongside the other available recovery option. This can be useful especially if you do not want to offer other recovery options.
AdminCP Device Management
In the AdminCP, administrators can see all the device and IPs a member has used. They can also disable automatic login for any device.
The system can also detect if another user is using the same device and will show this in the list of devices.