For reporting and audit reasons, SMAX should automatically save the last login time into the user's person record. Additionally, failed login attempts should be counted and also saved in the person record of any matching user, and displayed to that user at the next successful login (e.g. "<X> unsuccessful login attempts since <LastLoginTime>")
Note that these are very common features in other applications and in most operating systems.
- Saving the last login time enables the following functionality:
Detect inactive users (who have not logged in for a certain time).
Report on user activity.
- Count and display number of unsuccessful login attempts:
Allow a user to detect if someone else is trying to penetrate his SMAX login.
This could be implemented by adding two new fields to the person record, and make SMAX update them during login processing.