Frequency of Auto-Logout / 2FA

exceladdict

exceladdict

Established Member
Joined
Mar 26, 2014
Posts
4,632
Qantas
Platinum
Virgin
Silver
Hi @support,
Could we consider extending the auto-logout period to 60 or 90 days, or make it customisable?
I use AFF across a few trusted devices and after turning on 2FA I seem to be logged out quite frequently.
 
I’ve not seen a setting that enables me to customise 2FA but I can certainly take a look. Generally, I would expect more frequent logouts through 2FA - otherwise it would seem less useful a feature to enable in the first place.

It would appear others share both your views and my views, but it’s not an option I can select. There is an add on… but that requires spending money and testing it doesn’t break other add ons.

xenforo.com

Extend time for 2FA reauthentication when the session is used

It would be nice if a device is being actively used wouldn't need to reauth 2FA every 30 days. Especially nice for the PWA app. Going to be terribly annoying when users have to re-login to the app all the time. Applies to the site as a whole, but especially PWA.
xenforo.com xenforo.com
 
support said:
I’ve not seen a setting that enables me to customise 2FA but I can certainly take a look. Generally, I would expect more frequent logouts through 2FA - otherwise it would seem less useful a feature to enable in the first place.

It would appear others share both your views and my views, but it’s not an option I can select. There is an add on… but that requires spending money and testing it doesn’t break other add ons.

xenforo.com

Extend time for 2FA reauthentication when the session is used

It would be nice if a device is being actively used wouldn't need to reauth 2FA every 30 days. Especially nice for the PWA app. Going to be terribly annoying when users have to re-login to the app all the time. Applies to the site as a whole, but especially PWA.
xenforo.com xenforo.com
Click to expand...
Thanks for checking. The main use case for 2FA for my sake (perhaps different for others) is to prevent the account being hacked by a third party if my password and email were both compromised; figure it's less likely to be compromised via a lost trusted device where an auto-logout would assist (as many corporate policies employ).
 
Struggling to Redeem Your Frequent Flyer Points?
The Frequent Flyer Concierge team takes the hard work out of finding reward seat availability. Using their expert knowledge and specialised tools, they'll help you book a great trip that maximises the value for your points.

AFF Supporters can remove this and all advertisements

exceladdict said:
Thanks for checking. The main use case for 2FA for my sake (perhaps different for others) is to prevent the account being hacked by a third party if my password and email were both compromised; figure it's less likely to be compromised via a lost trusted device where an auto-logout would assist (as many corporate policies employ).
Click to expand...

This!

In fact, every 30 days I need to enter a new MFA token but I haven't actually been logged out.

Most websites will allow you to not require entering the MFA token again as an option. That is, as long as you're on the same computer and browser and haven't cleared the site cookies. The idea of MFA isn't to secure a login session should you lose your device that you're logged in on, but rather to prevent someone accessing the site should your password be compromised.

While re-entering every 30 days is a PITA, I can't imagine it will be worth the site owners spending money on it. Although it does discourage people from using MFA.
 

Enhance your AFF viewing experience!!

From just $6 we'll remove all advertisements so that you can enjoy a cleaner and uninterupted viewing experience.

And you'll be supporting us so that we can continue to provide this valuable resource :)


Sample AFF with no advertisements? More..

Recent Posts

Currently Active Users

... and 10 more.
Total: 963 (members: 60, guests: 903)
Back
Top