I am wondering if there is existing features in discourse or a plugin that can achieve this:
- When the user is inactive for amount of period (like 30 days), when they login, it requires an email verification or 2FA.
- When the user login change IP suddenly, also triggers an email verification or 2FA.
This can help hacking inactive account
Discuss this on our forum.