I have checked my my login history multiple times to see if someone has accessed it. It sometimes documents my logins (5% of the time). I have tried to login from other domains and again it only sometimes/rarely documents it.
This does not give me a good feeling that I am accurately seeing if someone has access to my account. Yes I know I could change my password, and I have. But, this is suppose to be a log so that IF someone gets in, I would be able to at least a simple forensic and see if it was someone I know or even it was local or international.
Is there something I don't have setup correctly. As far as I know there is nothing for me to set. Is this feature just broken?
Changing your password on a regular basis is much better than checking the logs, because if someone really did get into your site, wouldn't they change the logs too?
I wonder if checksums would not be a far more accurate method of seeing data being altered than log files. A checksum would detect any change no matter how small, even if changed then put back.
You missed the point. I am in the computer industry so I know all about the good practices you said and so many more. But, I want to know who (at least the IP), my kids, ISIS, whatever. Obviously I could/would change my password.
As far as the log files, I don't know how to access them other than display. The login history only displays in a dialog box so there is no chance for editing, at least not an obvious way.
I suspect that anyone that gets in my email would likely be low-tech because there is nothing interesting other than 'oh, he order vitamins again from Amazon'. This is a personal account, all real business is done on a professional business server. Even with that, the important stuff is on a network that is not connected to the internet, just the local business unit.