The time warning and extension is helpful because:

- It can be frustrating (when doing critical tasks) to be logged out, then have to log back in and go back to where you were
- Needed for Section 508 accessibility reasons (gives users more time to complete tasks)

The scammer can extend the session simply by clicking anywhere on the web page. So not showing the time out message doesn't prevent that (although you can argue the message gives them a heads-up that they need to click). I guess you make the timeout message modal, and user needs to enter their password to continue - but that's extra work for the user.

Anne wrote:

> I've always been a little leery about extending the time-out. If the use of the website is primarily for not-so-critical applications like, say, my login on a knitting forum or something, then yeah, I don't mind a time-out warning.
>
> But for critical applications like banking, credit cards, or even social-networking apps where my reputation is on the line, it always bothered me. (And of course financial sites are where I most often see it implemented.) If I-the-scammer walk up to your computer while you're away and I get a prompt to extend the session and prevent time-out, I've now bought myself X minutes of free hack-your-stuff time while you're gone. Isn't the point of timing me out that I have to prove I'm the right user before I can regain access to the site?
>
> Rachel wrote:
>
>> For a web-based password-protected site with sensitive information, the user usually is logged out after a period of inactivity. Ideally, the user would be warned before the time-out, with an option to extend the time.

________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
