We should send an email when there's a login from another country (if GeoIP is enabled). It should be optional, possibly enabled by default (users that live near a border might want to disable it).
Email could contain IP and location, maybe even user agent / device information
we should think on the definition of "another country":
one could also use this to give other login behaviours depending on country matching
e.g. in foreign countries having a lager delay after false passwort etc.
I reckon it would be good to look at some other platforms and how they solve it (eg wordpress plugins etc.). Possibly we need some settings to make it maybe configurable. Without thinking too much I'd probably only store the last country. Let's maybe better send an email too often than too less. In worst case a user gets an email too much. Would also have the benefit to signal the user that the feature works :) Don't think it justifies to store a complete history / whitelist of countries for a specific user for now
Also we could send an email when there's a login from another device / browser. We could generate a
configId based on some browser data or set a cookie to identify a device and if one ever logs in from another device we send an email once. This might be rather related to 2 factory authentication (https://github.com/piwik/piwik/issues/2846) though
If text messages are configured in a Piwik (eg for scheduled reports) one should ideally also be able to receive it as a text message on your phone to be able to react quickly in case it wasn't you who logged in...
"Also we could send an email when there's a login from another device / browser."
"one should ideally also be able to receive it as a text message on your phone"
An idea what data to be included in email:
1) Reason for this mail:
There was a login from another country than last time
2) Full description of the account one is talking about:
3) Details of finding:
Country of Login last time
Country of Login this time
4) What to do now?
If you are the one who logs-in in a different country you can delete this mail.
If you aren't the one: Please contact your admin as fast as possible.
Maybe on should ad the email-adress of an admin for direct contact?
without a user may have no information who it is
Maybe email should not only be send to user but also to admin?
I wouldn't go that far and send it to the admin as well. It should be enough to send it to the user.
If we have an "Activity log" page one day we could maybe allow a super user to see all activites of all users (such as when did a user login / logout, it shows time of creating/updating websites, users, ... etc) and maybe also add it to the Custom Alerts feature but this is a different topic :)