You can't make people be secure. You can only help mitigate the damages when their insecurity causes them. Invest time in dealing with what will happen if the user leaves their laptop open to their bank account at Starbucks and then goes to the bathroom. It is going to happen. So offer a way to make it unhappen. Which might mean calling you with some non-computer controllable information.

Don't expose their credit card numbers in the app; why would you need to? Don't give people who break in the ability to steal the person's identity. They know who they are. That "Hi Mike Wallace" doesn't need to be there. They may send off all the user's money to some other bank account, and they may then change the password so the user can't get back in. So you set up a hotline the user can call and fix the problem.

In short: make the app safer for the user if he is an idiot and lets other people get in, and make the actions taken reversible, such as putting a delay on transactions. These are all just off the top of my head. My point is that this concept of logging the user out automatically almost assuredly only annoys people or gives them a false sense of security. And it is a cheap hack way to avoid the harder job of making the internals of the app less vulnerable. Sooo... I guess my best practice is to not do it at all.

Posted from the new ixda.org
http://www.ixda.org/discuss?post=41760
