Signing in to a service

Checking if someone is still using the device

A mobile screen reads "you've been inactive, signing you off in 20 seconds".

Description

The device (or app) automatically revokes access when it hasn’t been used for a while. Some banking apps automatically log customers out after a period of inactivity or if they open another app.

IF thinks this is a useful pattern for securing accounts without placing an extra burden on people. It’s easy to forget to log out. However, getting someone to log in again every time they leave the app may cause too much friction, outweighing the potential harms of someone else gaining access.

In the future, it might be replaced with Ongoing authentication through behaviour.

Advantages

  • People don’t have to remember to log out.
  • Reduces the risk of someone being able to use the account if the user is away.

Limitations

  • If the inactivity settings are too sensitive, people may be logged out while they’re still using the service. Having to log in frequently will cause frustration.
  • Could make it harder for people with accessibility needs to use the service, depending on how it is implemented.

Examples
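
The sketch below is an added example, not code from the catalogue or from any of the apps it describes. It models the inactivity timer with a warning countdown (as in the "signing you off in 20 seconds" screen) and a grace period for switching to another app; the class name, method names and all timing values are assumptions.

```javascript
// Added example: names and timing values are assumptions for illustration.
class IdleSession {
  constructor({ idleMs, warnMs, backgroundGraceMs = 0, now = Date.now }) {
    if (warnMs >= idleMs) throw new RangeError("warnMs must be shorter than idleMs");
    Object.assign(this, { idleMs, warnMs, backgroundGraceMs, now });
    this.lastActivity = now();
    this.backgroundedAt = null; // set while another app is in front
    this.revoked = false;       // latched: stays true until a new sign-in
  }

  // Call on taps, key presses, scrolling, or when the person answers the warning.
  activity() {
    if (this.state().status !== "signed_out") this.lastActivity = this.now();
  }

  // Call when the app loses focus (the person opens another app).
  background() {
    if (this.backgroundedAt === null) this.backgroundedAt = this.now();
  }

  // Call when the app regains focus; time spent away is checked before clearing it.
  foreground() {
    const result = this.state();
    this.backgroundedAt = null;
    return result;
  }

  // Poll from a UI timer; returns what the screen should show right now.
  state() {
    const t = this.now();
    const idleFor = t - this.lastActivity;
    const awayTooLong = this.backgroundedAt !== null &&
      t - this.backgroundedAt >= this.backgroundGraceMs;
    if (idleFor >= this.idleMs || awayTooLong) this.revoked = true;
    if (this.revoked) return { status: "signed_out", secondsLeft: 0 };

    const secondsLeft = Math.ceil((this.idleMs - idleFor) / 1000);
    // Inside the warning window the UI shows the countdown and a way to stay signed in.
    const status = this.idleMs - idleFor <= this.warnMs ? "warning" : "active";
    return { status, secondsLeft };
  }
}
```

A timer in the app only changes what the screen shows, so the service that issued the session should apply the same limits when it decides whether to accept a request.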