Skip to content
← Share and support customer ideas for Xero

Settings and activity

1 result found

  1. Login - Don't Log Me Out/Extend Log Out Time (more than 60 minutes)

    1,064 votes

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close

    We’ll send you updates on this idea

    403 comments  ·  For small businesses » Settings & user roles  ·  Admin →
    How important is this to you?

    We're glad you're here

    Please sign in to leave feedback
    Signed in as (Sign out)
    Close
    Close
    Not in pipeline  ·  AdminKelly Munro (Community Manager, Xero) responded

    Hi everyone, we appreciate the interest surrounding this idea, however we want to be open that we're unable to extend our log-out time past 60 minutes. Xero hold a lot of sensitive information including bank data and we're required to be as secure as online banking.
    Any session information running on a web browser can potentially be stolen. If the session does not time out. You then have an infinitely long vulnerability window to session hijacking. Our best option is to keep a tight expiration window on the session cookie, and regenerate them frequently. Even setting a long timeout doesn't help with this - too long a timeout will greatly increase the risk of invasion or potentially jeopardise your personal data and the safety and integrity of the Xero application itself. This is why we maintain control of this.
    If we detect there's been no activity on a page (e.g…

    An error occurred while saving the comment
    Wendy Jones commented  · 

    Allow user to determine log out period. I work between multiple programs on the same machine and despite being at my desk and active on my PC still have to log back into Xero multiple times per day. Inconvenient for me and not necessary as no one has access to my work area

    An error occurred while saving the comment
    Wendy Jones commented  · 

    Seems Xero has absolutely no intention of listening to their customers and even attempting to make this issue less disruptive.
    I like many others find it extremely frustrating whilst working between 3 different systems to be continually logging in to Xero throughout the course of my work day. I have now disabled 2 factor authentication in an attempt to minimise the multiple login downtimes. Disabling a security feature is definitely not a good work around!
    Given the time we lose in a day perhaps you could find a similar amount of time to respond?

    An error occurred while saving the comment
    Wendy Jones commented  · 

    Great to know there is work around for this issue - thanks Kevin Y. However Xero I think you should review the user comments as in my mind it is your issue to rectify.

    An error occurred while saving the comment
    Wendy Jones commented  · 

    This discussion has been open for some time - will there be a resolution soon? I work all day in between different programs and find it so frustrating having to login when returning to Xero. It is disruptive, frustrating and surprisingly time consuming especially with the 2 factor authentication. Please allow the user to set the timing out limits using Administrator rights

    Wendy Jones supported this idea  · 
    An error occurred while saving the comment
    Wendy Jones commented  · 

    Very irritating especially with multifactor authentication! Give us an option to choose the inactivity time before getting automatically logged out