Thursday, December 22, 2011

(I) Great example of session timeout. Everyone should follow this

So many times in our business we ask about or evaluate an application's session timeouts. We hear "But we have screen savers on the Windows systems enforced by Group Policy". That is not session timeout; it is a terminal-locking requirement.

So many times you see apps stay open all day, overnight or over the weekend. You have no idea who is actually using the app at any given time. Session timeout lets IT and InfoSec know who has used an app recently, giving us more accurate troubleshooting and resource management. If you are an admin of an app that does not time out... Well, that's not good either.

So take a look at how HootSuite times you out after an hour and forces you to log in again... Banks do it, so should all Internet apps... 1 hour is plenty of time. If you don't like logging in, then use a URL & Password manager like LastPass to speed things up.
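
To make the difference from a screen saver concrete, here is a small server-side sketch, added as an example and not HootSuite's or any product's code. It assumes the one hour is measured from the last request (an idle timeout); `SessionStore` and its method names are hypothetical.

```python
import secrets
import time

SESSION_TIMEOUT = 60 * 60  # one hour, the value the post recommends


class SessionStore:
    """In-memory server-side sessions with an idle timeout (illustrative)."""

    def __init__(self, timeout=SESSION_TIMEOUT, clock=time.time):
        self.timeout = timeout
        self.clock = clock      # injectable so the timeout can be tested
        self._sessions = {}     # token -> {"user": str, "last_seen": float}

    def login(self, user):
        """Issue an unguessable token after the user has authenticated."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": self.clock()}
        return token

    def authenticate(self, token):
        """Return the user for a live session, or None if login is required."""
        session = self._sessions.get(token)
        if session is None:
            return None
        now = self.clock()
        if now - session["last_seen"] >= self.timeout:
            # Expired: destroy the state on the server, whatever the
            # workstation's screen lock is doing.
            del self._sessions[token]
            return None
        session["last_seen"] = now  # activity resets the idle timer
        return session["user"]

    def active_users(self):
        """Users seen within the timeout window: who used the app recently."""
        now = self.clock()
        return sorted({s["user"] for s in self._sessions.values()
                       if now - s["last_seen"] < self.timeout})


if __name__ == "__main__":
    fake_now = [0.0]  # constructed clock so the demo runs instantly
    store = SessionStore(clock=lambda: fake_now[0])
    token = store.login("alice")
    fake_now[0] = 59 * 60
    print(store.authenticate(token), store.active_users())
    fake_now[0] += 60 * 60
    print(store.authenticate(token), store.active_users())
```

Because the check runs on every request and deletes the expired entry, a browser left open over the weekend holds a token the server no longer accepts.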