Quote:
Originally Posted by rowan
GeoIP could be used to flag a possible hack attempt - if the last 100 logins are from the USA but the account is suddenly logging in from CN or RU there's probably something up
|
That's also a good point. If not to include where access comes from, then as you say, to "exclude places where access will not come from" or at least flag that.
So if I know with a high degree of certainty that I will never access from say China or Pakistan, I should be able to exclude access from any IP originating from CN, PK or any given set of countries. Of course, hackers can hide it but I guess it all helps.
Quote:
|
I was suggesting something more simple: any new IP needs to be authenticated, perhaps via an email link, or better, something like SMS.
|
With Namecheap 2FA you always have to confirm using the code you get in Phone or SMS so I don't see how this will add any extra benefit.
Quote:
|
Then again.... I guess people who fall for phishing aren't going to know or care about IP based security. Or 2FA, for that matter.
|
True but nor will they be likely to have anything worth stealing.
Namecheap actually has some of the best account security tools in the name space but I'll suggest some of these ideas to them.