This was already discussed way back in #122, but now with the Phoenix Live Dashboard announcement I think it's time to add in the telemetry events so it can easily be hooked up.

OWASP recommends logging the following:

• Session ID creation
• Session ID renewal
• Session ID destruction
• Login and logout operations
• Privilige changes
• Timeout expiration
• Invalid session activities
• Critical business operations

I think the following could be nice metrics:

• Number of current sessions
• Number of users signed in
• Number of failed sign in attempts
• Average and peak number of failed attempts per user
• Average and peak number of sessions per user
• Average authentication duration time

Please share if you got any suggestions for what to track 😄