by dylz
1996 days ago
My non-invasive way for basic security - nothing sent to third parties at all; no blocking of VPNs other than the usual anti-bruteforce stuff:

- GeoIP server side; trigger MFA (email a confirmation code) if country mismatch. Anything less is too granular unless you have some good reason for it, people moved to cheaper places during the pandemic, mobile connections geo horribly wrong when NATed
- Drop a random unique cookie (long-lasting) on the client; if this cookie is not present and valid/signed prompt for MFA
- Give the user an opportunity to revoke all logged in sessions
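
One way to implement the first two checks from the comment above, as an added example that is not part of the original comment. It assumes a GeoIP lookup done elsewhere has already produced the country codes; the function names, the cookie layout, the HMAC-SHA256 signature and the one-year lifetime are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)   # assumption: server-side signing key
COOKIE_TTL = 365 * 24 * 3600           # assumption: "long-lasting" = one year


def _sign(payload):
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_device_cookie(user_id, now=None):
    """Random unique token bound to the user, with issue time and signature."""
    issued = int(time.time() if now is None else now)
    payload = f"{user_id}.{secrets.token_urlsafe(16)}.{issued}"
    return f"{payload}.{_sign(payload)}"


def device_cookie_valid(cookie, user_id, now=None):
    """True only if the cookie is present, untampered, unexpired and for this user."""
    if not cookie:
        return False
    try:
        payload, sig = cookie.rsplit(".", 1)
        owner, _token, issued = payload.rsplit(".", 2)
        age = (time.time() if now is None else now) - int(issued)
    except ValueError:                  # malformed cookie: wrong field count or bad int
        return False
    # Constant-time comparison on bytes, so attacker-supplied input cannot raise.
    sig_ok = hmac.compare_digest(sig.encode(), _sign(payload).encode())
    return sig_ok and owner == user_id and 0 <= age <= COOKIE_TTL


def mfa_reasons(user_id, login_country, last_country, cookie, now=None):
    """Reasons to email a confirmation code; an empty list means no MFA prompt."""
    reasons = []
    # Country-level comparison only, as in the comment: anything finer is too granular.
    if last_country is not None and login_country != last_country:
        reasons.append("country_mismatch")
    if not device_cookie_valid(cookie, user_id, now):
        reasons.append("unknown_device")
    return reasons
```
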