Lock me out. Don’t log me out!
I hate how PayPal, banks and credit card sites kick you out of the login session after a certain timeout.
I can appreciate the need for security – if I leave my desk and my screensaver is off, I don’t want a casual visitor to take over my PayPal account. But on the other hand, to have to log in again just because I happened to catch up on my RSS reading is a bit of a hassle.
Cyberauthorize solved it beautifully – I am still logged in, but I do need my password to do anything. Just like with a desktop machine.
I’m not sure how easy it is to bypass – but it certainly needs more than what a casual visitor passing by my desk can do. For me, it’s the exact right balance between security and convenience and I hope this technique will become the ‘default’ behavior in all other web services.
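A sketch of the lock-instead-of-logout behaviour described above, as an added example (not code from the original post and not Cyberauthorize's implementation). The `Session` class, the 5-minute idle window and the 3-attempt limit are assumptions; the point it shows is that the lock is enforced on the server, so removing a lock overlay in the browser gains nothing.

```python
import hashlib
import hmac

IDLE_LOCK_SECONDS = 300    # assumed value: lock after 5 minutes without a request
MAX_UNLOCK_FAILURES = 3    # assumed value: after this, fall back to a full logout

def hash_password(password, salt):
    # PBKDF2 from the standard library; the iteration count is an assumed setting.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Session:
    """Hypothetical server-side session that locks on idle instead of ending."""

    def __init__(self, user, salt, pw_hash, now):
        self.user, self._salt, self._pw_hash = user, salt, pw_hash
        self.last_seen = now
        self.locked = False
        self.alive = True
        self.failures = 0

    def _refresh(self, now):
        # The lock decision uses the server's clock and the server's state.
        if self.alive and now - self.last_seen >= IDLE_LOCK_SECONDS:
            self.locked = True

    def request(self, action, now):
        """Gate every account action: returns 'ok', 'locked' or 'logged_out'."""
        self._refresh(now)
        if not self.alive:
            return "logged_out"
        if self.locked:
            return "locked"            # session is kept, the action is refused
        self.last_seen = now
        return "ok"

    def unlock(self, password, now):
        """Re-enter the password to resume; True if the session is usable."""
        self._refresh(now)
        if not self.alive or not self.locked:
            return self.alive
        candidate = hash_password(password, self._salt)
        if hmac.compare_digest(candidate, self._pw_hash):
            self.locked, self.failures, self.last_seen = False, 0, now
            return True
        self.failures += 1
        if self.failures >= MAX_UNLOCK_FAILURES:
            self.alive = False         # too many guesses: end the session for real
        return False
```

Capping failed unlock attempts keeps the lock screen from becoming an unlimited password-guessing prompt for whoever is sitting at the unattended browser.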