• SolarMonkey@slrpnk.net
      link
      fedilink
      English
      arrow-up
      31
      ·
      4 months ago

      My prior job logged everyone (employees and customers alike) out of the portal after 5 min of inactivity, but uploads to the site often took much longer than that, to say nothing of checking things over, so half the support contacts we got were whining about the timeout, and the only thing I had to say to the people complaining was “yeah man, we have the timeout too, and have to use the site on and off all day, year round, not just for three days a year… I totally agree with you, it doesn’t help, but even our dummy data on test accounts is subject to those rules, so I can’t help you…”

      Instead, I learned the site inside and out by memory (I built the knowledge bases for everything, as a result) and sent the security team every article I could find about how short timeouts were bad for SaaS security because they make people use less secure passwords and skip mfa.