I received notifications of 3 failed login attempts, the timing of the logins (which I assume is the time of the warnings) made me suspect that it is another specific user I am aware of. Is it possible to check, say, by comparing the user's IP address with the one attempting to login into mine, and what measure can be taken to ensure that that user does not try it again? I know it is possible to do a check user when someone is suspected of sockpuppetry but they may not have a record of login attempts.
Topic on Help talk:Login notifications
Hi @Hzh. There's no way to stop somebody from attempting to log in to your account. We cannot make the IP address of the attacker available because of our privacy policy. The best thing to do is to have a very secure password and turn on 2 factor authentication if you're concerned about your account being hacked. There are bots on the web that randomly try to login to thousands of accounts at the same time, pretty much all the time. This feature is designed to help you know when your account is under attack and you should make sure you have sufficient protection. Thank you.
The question is not about making any IP address available, but checking against another user I suspected of doing this, and not a random bot. I think they do check IP addresses when they want to confirm if someone is engaging in sockpuppetry, and no IP addresses are revealed in their investigation. I would assume by your reply that there is nothing set up to check if one user attempting to hack into another, and that I find odd because if a user is trying to get into someone else's account it is likely to be for malicious purposes. Presumably we would have to wait until the attempt to hack into another user's account is successful?
Yes. It is possible to see if the IP addresses that were recorded trying to log into your account matches any of a registered user. I think those are sent to you by email or on-wiki notification, right? However I'd made the request in private to the CUs of your project (or the stewards should your project does not have local checkusers), because due to privacy policy limitations we won't be able to publicy link registered accounts to IP addresses except on a limited set of circumstances.
Addendum: so apparently at Topic:Twx9rnfr524tfjip they say that the IP addresses ain't sent to the users. In that case unless this kind of actions are recorded in the RC or CU table, we would not be able to compare.
I am receveing 15 notifications about failed login attemps from 9 days, what should I do?
Platonides, pay attention.
FrankCesco26 you should ensure that you have a strong password, so they won't be able to break into your account. Also, you may be able to enable two-factor authentication in which case even discovering your password won't allow them to log in.
How can I activate it?
@FrankCesco26 you would do it from Special:Two-factor_authentication, see In your case, it seems you don't have the rights to use it on any project.
He can request to be added to a group that allows 2FA in m:SRGP.
What's the reason behind 2FA not being available to everyone?
I am not sure. It is currently only avalaible to "privileged" groups. A proposal to expand the feature to all groups is being discussed on Meta-Wiki and at a Phabricator ticket I cannot remember right now. Please note that this was emergency deployed shortly after the OurMine hacking attack campaign, and my guess is that this was done to protect accounts with sensitive accesses from being compromised and that they decided not to roll this out to all users for now because there might be still issues pending to resolve (like enabling other options to recover your account should you mess with your scratch codes, etc. I don't know who you can ask for further information though. Regards.
How can I request it?
FrankCesco26: Hello. Please post a request at m:Steward_requests/Global_permissions#Requests_for_other_global_permissions or, if it is easier for you, leave me a message requesting to be added at my talk page at m:User talk:MarcoAurelio. Regards.