Checking if someone is still using the device
Description
The device (or app) automatically revokes access when it hasn’t been used for a while. Some banking apps automatically log customers out after a period of inactivity or if they open another app.
IF thinks this is a useful pattern for securing accounts without placing an extra burden on people. It’s easy to forget to log out. However, getting someone to log in again every time they leave the app may cause too much friction, outweighing the potential harms of someone else gaining access.
In the future, it might be replaced with Ongoing authentication through behaviour.
Advantages
- People don’t have to remember to log out.
- Reduces the risk of someone being able to use the account if the user is away.
Limitations
- If the inactivity settings are too sensitive, people may be logged out while they’re still using the service. Having to log in frequently will cause frustration.
- Could make it harder for people with accessibility needs to use the service, depending on how it is implemented.
Examples
- Lock screen after a period of time on macOS: Locks screen and asks for password after a period of inactivity.
- Automatic log out on Barclaycard app: The Barclaycard app will automatically log out if the user goes to the home screen, opens another app, is inactive for more than 3 minutes, or the screen times out.
- Wrist detection on Apple Watch: Wrist detection can keep the watch unlocked for as long as the screen is on or it maintains skin contact.