Balancing Security and Convenience

By on April 7, 2008 5:39 pm

At SitePen, we value amazing user experiences. Once in a while, you see an elegant solution to a problem that has annoyed users for years.

For most consumer web sites and web applications, logging a user out of a service after a certain amount of inactivity is not very important, and does more to annoy a user than anything else. In the enterprise or when using bank web sites, security is a far greater concern, and most services resort to logging users out automatically after 15 or 30 minutes of inactivity. This is especially frustrating for users of advanced web apps, which might require several clicks to restore the user interface back to the state it was in before the session timed out.

NetSuite takes a decidedly different approach to balancing convenience with security. After a period of inactivity, the user interface is locked with a dialog asking the user to re-enter their password to resume their session.

NetSuite Session Locking

This does a great job of handling the security issue of users walking away from the screen, and presumably they have added code on the server side to reject changes until the session is unlocked. This seems like a really good compromise between convenience and security, assuming that this approach is secure.