Issue metadata
Sign in to add a comment
|
Security: Some websites don't timeout logins
Reported by
md.abdulmajed0@gmail.com,
Aug 23 2017
|
||||||||||||||||||
Issue description
Today I signed in my Google account in Google Chrome. The Google account was in signed in state, I didn't sign out.
After a long period when I re-open the account settings page of my Google account , I see Google doesn't enforce me to re-enter my password after an idle session. I can easily go to Google drive, Gmail whatever I want without being asked password after an idle, inactive session or browsing activity. I am astonished. What would be happened, if my friend would change Gmail's recovery phone number, email address borrowing my phone???
If I close the tab, and again try to sign in my Gmail, no need to enter password again??? It's totally pathetic.
When I browse for netbanking, after a continuous inactive session of 2-3 minutes, bank enforces me to log in again. Google account is linked to so many things and it is also not less important than banking. You should introduce here 'idle session' also. Thank you.
,
Nov 30 2017
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Aug 23 2017Summary: Security: Some websites don't timeout logins (was: Security: web-browsing)