Feature request: User Authentiation Suite
This thread was talking about using Validation to display a message on the login page upon a failed login instead of redirecting to another page.
One poster mentioned that it may be a good idea to make this functionality part of the behaviors. So I thought I'd take it a step further and offer some suggestions for additional features to the authentication behaviors of Security Assist. The registration and login features are already pretty powerful and flexible, especially with the ability to encrypt the password. But here are a few ideas.
(These features could be part of a wizard)
1. Option to specify a login failed option - either a redirect, or show an error message on the page.
2. Options to include multiple messages and actions depending on the login scenario, such as if it a regular login, or a login that gets displayed as a result of a session timeout or user trying to directly access a restricted page.
3. Specify the number of login attempts before locking the account.
4. Identify "unusual" login activity and options for different actions following. For example, unusual activity could mean several unsuccessful attempts and an action could be lock the account and/or send an email to the user. Another example of unusual activity could be localizing the user accruing to IP. Facebook uses this now, they could tell someone was trying to access my account from Singapore and sentence a notice.
5. Additional options that would first have to be part of the registration process and made optional during login or to reset a password. These may include adding secret questions, selecting and identifying an image, and perhaps putting the login ID and password on separate pages.