Login - Don't Log Me Out/Extend Log Out Time (more than 60 minutes)
Develop the feature where Xero doesn't log user out time is extended for more than 60 minutes when it’s idle.
Purpose: Because having to log in again can disrupt users' workflow, which some users had to be interrupted as they’re also taking care of their business at the same time.
-
Tim Newman commented
I understand the reason given by Xero was sensitive data*, so how about something easier like a 4 digit pin?
*lots of people use computers in secure locations that no-one unauthorised access to, bit of a stupid reason to take everyone's ability to choose away.
-
Angela Taylor commented
Would greatly appreciate more flexibility with extending the LogOut times - see below for all the reasons why. Understand if busy environment but I work from home, on my own, and want to use Xero throughout the day and still have to log on regularly throughout the day. Please look into this for your community.
-
Wilfried and Catherine Smekens commented
please have option to extend log in time
-
Oliver Dennis commented
This needs to be fixed unfortunatley xero tech are not very good and don't know or care on a resolution for this constant customer complaint.The CEO of xero just wants them signed up and after that the tech's all told to ignore this constant request. as xero don't know how to fix it.
-
Justine Hansen commented
Highly dispruptive - especially for those of us who work with multiple tabs open for efficiency. And especially unnecessary for those of us who work at our own computer in a secure office. Please offer more choice around this and less nannying!!
-
Michael Groves commented
Absurd that Xero don't listen to their customers! 10 years on, this "feature" is still imposed on their paying customers.
As a work-around, this chrome extension allows you to auto refresh xero pages, so the re-login timeout doesn't happen.
Auto Refresh Plus
https://chrome.google.com/webstore/detail/auto-refresh-plus-page-mo/hgeljhfekpckiiplhkigfehkdpldcggm
-
Transcom Industries Ltd commented
Looks like from the comments below that I'm not the only person complaining about having to log in many times a day.
Please extend the time from 60mins. It is very annoying having to keep logging in.
-
Clive Menkin commented
come on Xero - it is time to fix this! or you just don't care about your users.
-
Kevin Holland commented
Its utterly infuriating but Xero will not action anything - requirements and suggestions just sit idly here for years with no action. This request is 10 years old FFS!
-
Eugene Ng commented
Actually we are issued individual laptop and it is already with password /fingerprint unlock and auto lock after inactive 30min (i will also auto lock once i going to left my work desk for slightly longer time). I think most website will also prompt and click to stay login instead of requesting us to manual key the password again. What is the point in requesting for us to manual key in the password when we already saved the password inside the laptop for easy login? I close the xero tab and reopen and it is auto login so why request for us to manual type password?
-
Kim Badger commented
I think the user or business should be able to choose this level of security and not have it imposed on them. If they are aware of the risks, they should be able to still choose to keep logged in.
-
John Fraser commented
Agree with comments. Logging out after one hour is disruptive as we use Xero to create invoices for sales and these often have intervals greater than one hour.
-
EMC I.T. Solutions commented
++ this
-
Adam Spiers commented
I'm afraid that fixing the session automatic expiry to 60 minutes is a very unsatisfactory decision by your product team. Incredible to see that these complaints have been going for years and are still not addressed.
It is incorrect to assume that every user of Xero has exactly the same security requirements. For example I only use it at home as a single user, where no one else has access to the computer, so it's plenty secure even if it stays logged in for days. In contrast, in an open office then of course security is a much more sensitive concern.
Why do you think that gmail lets people stay logged in for days or even weeks? And email is far more sensitive than an accounting platform, because (unless two factor authentication is used) any attacker can click a "Forgot password" button and then a recovery link is sent to the owner's email account which can let the attacker into the recovered account.
It should be up to users to decide what level of security they need, rather than a blanket decision by a product team. By all means impose a maximum session length of a week if you must, but 1 hour is ridiculous.
-
Kevin Rudd commented
I dont remember this being an issue a few years ago but not with multi organisations on a single login it is even more frustrating. Each time get logged out due to "inactivity" i need to then go and navigate back to where it kicked me out from. at least let us log back into the same screen.
-
Mike Knobloch commented
I find this extremely frustrating - especially if I have several windows open at the same time.
-
Mark Baghdassarian commented
Why is it that Xero does not have an option for those to decide an appropriate time. Alternatively, where the above is NOT possible - Xero desperately needs to extend this out to a minimum 6 hours in my opinion. If anyone is actually worried about their account security where someone physically may access their portal, they can close their own window themselves and choose not to save their password in their browser. Xero you need to change this desperately
-
Carly Blackney commented
I agree. This is becoming extremely frustrating. The 30-day option would be ideal but I would settle for the 14-day log-in to be reinstated.
-
Jared Fitzclarence commented
Previously you were able to stay logged in for up to 14 days. This was ok (30 days would have been even better), but recent it was changed so you have to log in every day. This is incredibly annoying and is encouraging users to disable 2FA, which in turn reduces security.
Can you please change it back so that I can stay logged in for longer on my device.
Ideally this would end up as a setting in Xero where either the user could set their own log in duration from some options, or the administrator of the account could determine the maximum stay logged in duration for the Xero Organisation
-
Christopher Moore commented
My particular problem with this is for Time Logging in Projects. Xero has usually logged out when we want to add a time record, which means they don't get logged as diligently as they should and money gets lost!
I get that there may be regs for auto-timeout on the critical ledger access, and that security is critical, but to enforce the same rules on someone entering a time entry - which needs authorising anyway - means that logging doesn't happen reliably.
How can a vendor that's so deaf and unresponsive still be in business? 1 full year in for us and I'm close to looking for an alternative. So much that's really neat but so many issues that bomb productivity and usefulness to the point of unusability.