The ability to see your own Login History
Ok, what I would like to be done here is not as self explanatory as it first seems.
What I dont want is for everyone to be able to see their login history as a staff member sees it because in the event that their account gets compromised the compromiser can see their IP which for obvious reasons is not ideal.
What could be done however is that the IPs could be labelled in an arbritrary way, IP 1 IP 2 etc. This would allow you to see if a new IP has entered your account without letting everyone se your IP if they happen to get in and you could be notified if there is a new UP.
Now the issue with this is that many people have dynamic IPs (their IPs change quite a lot) so for these people this would he less beneficial, however since many IP tracing websites exist, and generally with dynamic IPs only the last sets of numbers in the IP change. So in this case the user is ONLY notified if a completely new IP enters their account. But they can still chexk out the login history any time.
if this suggestion is poorly written Ill try to give an example for USER A:
Earliest login at the top, !!! Indicates the incident being flagged as suspucious and the user notified by email & pm
1.1.1.1
1.1.1.1
1.1.2.1
1.1.1.2
1.1.1.2
1.1.1.3
1.1.1.1
2.2.3.4 !!!
1.1.1.1
the 1.1.1.1 would be the same for all users of course since the real IP is not being shown just an arbitrary version like this where 1 indicates the 1st entry for that number in the IP
This system would make hacking harder as if there is a single failed attempt (these show up on login history already) from a new IP the user will be motivated or preferably required to make a new password
Note: this was written on my phone so sorry in advance for typos