Several measures to enhance security
Because this is about users' private data, I hope NextDNS can do better at account security protection.
1. Add a button to close the API KEY.
Not everyone needs an API KEY, but if this API KEY is leaked, malicious users will be able to get the log information of the domains that have been visited by users at will, and what's worse, users can't even know when the API KEY is known by others (this may be caused by forgetting to quit the account, etc.). So, I hope we can give users an option to decide whether to enable this feature, which has some risks.
2. Add a button to reset (regenerate) the API KEY
When you have to use an API feature, but clearly know that the previous API KEY has been compromised, the best way is to regenerate the API KEY, so hopefully NextDNS will support this feature, which is also a way to ensure a more secure API KEY.
3. Display the number and information of currently logged in sessions
Users need to know at what time, from what IP, and on what terminal their account is logged in, as many cookie-stealing methods are now able to mimic the user's login without their knowing. It would also be nice to support the ability to kick out a login session, or have a feature called "log out of devices other than this one".
For example, the infamous "CloudBae Big Data Industry Development Co.", a hacking company with an official background in China, was able to steal and monitor users' online behavior with the help of government-controlled telecommunications companies.
There are two other ideas which can improve security:
"It would be nice if you could enable the option to receive an email alert on successful login."
U2F Security Key (YubiKey) support