Lock me out. Don’t log me out!

I hate how paypal, banks and credit card sites kick you out of the login session after a certain timeout.

I can appreciate the need for security – if I leave my desk and my screensave is off, I don’t want a casual visitor to take over my paypal account. But on the other hand, to have to login again just because I happened to catch up on my rss reading is a bit of a hassle.

Cyberauthorize solved it beautifully – I am still logged in, but I do need my password to do anything. Just like with a desktop machine.

lockout, not logout!

I’m not sure how easy it is to bypass – but it certainly needs more than what a casual visitor passing by my desk can do. For me, it’s the exact right balance between security and convenience and I hope this technique will become the ‘default’ behavior in all other web services.

Share
  • http://locksmithinwestpalmbeach.com/faq-list/ LockSmith Palmbeach

    You are right man. Not only pay pal but also moneybookers does it. If you leave the page inactive for few minutes moneybookers signs you out. This is very much disgusting. Whatever I consider this for only security reasons you know.