maxvt | 2 years ago

> Facebook, Google, Amazon and GitHub have sessions that never expire. They think it’s an acceptable risk. I think they are right.

Three of these companies have a strong vested interest in keeping you logged in all the time and in minimizing the friction of interacting with their services.

GitHub, if you use 2FA or corporate SSO, does expire sessions. Perhaps they make the tradeoff of risk vs convenience for username/password users, as is their right.
