Sorry, I mean the current implementation seems trivial to spoof. I agree that doing something like your suggestion would make me feel much more comfortable about those logins.