Mobile Auto logout.

2 years ago · open · 7

I’m very concerned that the new mobile never logs a tech out from the server. We do a lot of government work, and I am worried that leaving the connection open to my mobile server could be exploited and would not pass a penetration test. My first choice would be to have a timed logoff setting after no activity. Second choice would be to at least be able to set a time to log all techs off after hours so these connections are not left open over nights and weekends.

7 thoughts on “Mobile Auto logout.”

  1. Hello Chris. Thanks for the idea. Let me look into this next week. I think we can do this. Our new framework should allow it. Our old framework would not have allowed us to do it properly. I will update this post when I know more.

  2. No. We are no closer. We just have not been able to get to this. It only has four votes. :) For now, you can force people to log out manually in the mobile app. This is done in the logged-in user list. Also, companies can set up their IIS (that is the mobile server) to restart each night or at any other interval. That action logs people out.

  3. Hi James,
    I’m sorry, but on this issue I have to disagree with you. I do not think the security of my software should depend on how many of your other clients vote on it. Being in the security business, I take security very seriously. I work for a lot of customers that do penetration tests. I’ve been told that by leaving the sessions open, somebody could capture the session number and hijack it. No, I don’t know how your program is written; if you can assure me that an indefinitely open session cannot be hijacked and is secure, then I’ll accept that. The experts I have talked to told me this is why banks and secure programs time you out: because the session number can be hijacked or taken over. I believe that if your other customers knew of the possible vulnerability, they would be just as concerned. I keep a lot of customers’ confidential information on my system, and I believe it’s your duty to make sure the software is secure whether your other customers voted on it or not. You have stated in numerous webinars that you’re a man of your word. I do not feel that logging out once a day really addresses my concern. It’s like locking your doors at night but leaving them open during the day, when most break-ins occur. You stated two months ago that this is something you could do, and now it has been put on the back burner because none of your other customers have voted on security as a feature request. I don’t believe security should be a feature request. There have been quite a few instances of companies being hacked by way of HVAC companies. I believe this is a smoking gun that could come back and haunt both of us, so I would really like it given the attention it deserves. I deal with a lot of remote apps, and yours is the only one that allows you to stay logged in indefinitely without requiring the credentials to be re-entered. Once again, we go back to when I purchased the system: you had the security in place that I expected. The software was changed, and now I believe you’re putting my data at risk. This issue should be at the top of your list. Even your support website times out, and we have to sign back in.

  4. You said “yours is the only one that allows you to stay logged in indefinitely”. That’s not actually the case. It is not indefinitely. We are not the only ones with this behavior either. We comply with all Google Android and Apple iOS security standards. Our apps are tested by them prior to being allowed on their respective stores.

    You reminded me that I said I was a man of my word. Am I not? On December 31, 2020 at 9:27 AM, I said I would look into this and I did not offer you a timeline. I have looked into this and we will do the work. I will not offer you a timeline though.

    We generally plan out two months of work at a time. We leave two hours per day, per developer for bugs. It is difficult to fit extensive work like this into a “sprint” that is in progress. We are working as hard and as fast as we can. The work demands a lot of labor hours to do properly. We want to do the work, we just have not been able to fit it into one of our “sprints”.

    Most people believe their issue is the best and most urgent. I told you what you can do for now in hopes that the information might be helpful. I would imagine that your mobile devices lock after a few minutes and they require a password to open. You might also have your screen lock using encryption. All of these steps should provide reasonable protection until we can address this.
