Continuing the discussion from MFA for users:
Auto session logout has been requested numerous times, and since 2FA is already an idea, it only seems logical to place this one in idea as well since its easy to implement.
Log out time would need to be configurable. As otherwise the changes would be a retrograde step for my use case where
- separate computers are used / users are trusted
- access control is done outside of Manager
3 Likes
I definitely agree that session timeout should be available and configurable by the administrator. People these days use all sorts of devices in all sorts of places. Manager stores a lot of sensitive information! If users have read-only access, they may not log out and someone else with access to the same device might see sensitive and confidential information. If users DO have write access, someone might accidentally change sensitive information! Regardless, I think a program that stores sensitive financial information should at least offer the opportunity for better security. If not needed by a department, it can be turned off, but for those who need it, security is important and should be offered.