Frequency of Auto-Logout / 2FA

exceladdict

exceladdict

Established Member
Joined
Mar 26, 2014
Posts
4,907
Qantas
Platinum
Virgin
Silver
Hi @support,
Could we consider extending the auto-logout period to 60 or 90 days, or make it customisable?
I use AFF across a few trusted devices and after turning on 2FA I seem to be logged out quite frequently.
 
I’ve not seen a setting that enables me to customise 2FA but I can certainly take a look. Generally, I would expect more frequent logouts through 2FA - otherwise it would seem less useful a feature to enable in the first place.

It would appear others share both your views and my views, but it’s not an option I can select. There is an add on… but that requires spending money and testing it doesn’t break other add ons.

xenforo.com

Extend time for 2FA reauthentication when the session is used

It would be nice if a device is being actively used wouldn't need to reauth 2FA every 30 days. Especially nice for the PWA app. Going to be terribly annoying when users have to re-login to the app all the time. Applies to the site as a whole, but especially PWA.
xenforo.com xenforo.com
 
support said:
I’ve not seen a setting that enables me to customise 2FA but I can certainly take a look. Generally, I would expect more frequent logouts through 2FA - otherwise it would seem less useful a feature to enable in the first place.

It would appear others share both your views and my views, but it’s not an option I can select. There is an add on… but that requires spending money and testing it doesn’t break other add ons.

xenforo.com

Extend time for 2FA reauthentication when the session is used

It would be nice if a device is being actively used wouldn't need to reauth 2FA every 30 days. Especially nice for the PWA app. Going to be terribly annoying when users have to re-login to the app all the time. Applies to the site as a whole, but especially PWA.
xenforo.com xenforo.com
Click to expand...
Thanks for checking. The main use case for 2FA for my sake (perhaps different for others) is to prevent the account being hacked by a third party if my password and email were both compromised; figure it's less likely to be compromised via a lost trusted device where an auto-logout would assist (as many corporate policies employ).
 
exceladdict said:
Thanks for checking. The main use case for 2FA for my sake (perhaps different for others) is to prevent the account being hacked by a third party if my password and email were both compromised; figure it's less likely to be compromised via a lost trusted device where an auto-logout would assist (as many corporate policies employ).
Click to expand...

This!

In fact, every 30 days I need to enter a new MFA token but I haven't actually been logged out.

Most websites will allow you to not require entering the MFA token again as an option. That is, as long as you're on the same computer and browser and haven't cleared the site cookies. The idea of MFA isn't to secure a login session should you lose your device that you're logged in on, but rather to prevent someone accessing the site should your password be compromised.

While re-entering every 30 days is a PITA, I can't imagine it will be worth the site owners spending money on it. Although it does discourage people from using MFA.
 
Check out the latest credit card signup bonus point offers
Read our AFF credit card guides and start earning more points now.

AFF Supporters can remove this and all advertisements

Become an AFF member!

Join Australian Frequent Flyer (AFF) for free and unlock insider tips, exclusive deals, and global meetups with 65,000+ frequent flyers.

AFF members can also access our Frequent Flyer Training courses, and upgrade to Fast-track your way to expert traveller status and unlock even more exclusive discounts!

AFF forum abbreviations

Wondering about Y, J or any of the other abbreviations used on our forum?

Check out our guide to common AFF acronyms & abbreviations.

Recent Posts

Currently Active Users

... and 8 more.
Total: 437 (members: 58, guests: 379)
Back
Top