I think it would be safer to confirm (or at least to have the option to enable) every new login by a link received by email.
I upvote this. It would be safer if every new device login should be confirmed by email, or at least have an option to enable it.
By the time someone enters your account, and you realize it wasn’t you, you are probably already comprised.
Do you mean like this?