Keep me logged in
Hi,
I'm new here and I'm not an IT-expert.
Is there a possibility to keep me logged in as long as I want to, until I log out myself?
It is so annoying, that I always have to log in again and again,….
Thanks in advance
Julia
Best Answer
-
Unfortunately, staying logged in is no longer possible. That option changed a couple of years ago. There was a great deal of discussion at the time. It was explained as a security change/feature.
I can generally stay logged in for about 24 hours maximum unless I close the browser.
5
Answers
-
I agree with you @Julia Andreasen and look forward to the response(s) you receive.
1 -
I too usually stay logged in for about 24 hours, but I am able to close the browser (Firefox and Chrome). The log on for the forum seems to be a less than 24 hours
2 -
Thank you for the quick responses.👍️ It looks like that I have to live with that.🙄
1 -
@Julia Andreasen The short answer is that FS uses the timeouts to protect account privacy for all of its members. There is no specified timeout duration set by FS. (Opinion only, it appears to be contingent on usage. e.g., If you open your FS tab and don't use it at all, it may close out earlier than if you are constantly using it for a 24-hour period. ) FamilySearch is not the only genealogy site to do this; most of the other sites have also done this due to privacy laws, and they must comply with privacy and data‑protection standards. Just good sound security practices in an attempt to prevent the loss of data, as occurred with the 23&me data breach in 2023, in which 6.9 million people were affected, earlier the MyHeritage data breach, and so on in the wonderful world of the WWW. As far as I can find, since this is an IT-Security issue, no knowledge article was produced to explain it.
1 -
There's an excellent video about this here https://community.familysearch.org/en/discussion/153649/sign-in-page/p5#Comment_558106
1 -
@Julia Andreasen Thank you MandyShaw1 for finding this video.
0 -
Security could be improved by implementing 2FA via TOTP. Then, everyone could use an authenticator app or password manager to lock down their accounts. That is more secure than allowing users to have short guessable passwords with the login getting cooked frequently like now.
This site doesn't store payment information. You'd have to make a tough argument that account data here is at greater risk than e-commerce platforms, like Amazon, which handle HTTP sessions properly while providing options for 2FA. Having to login every 24 h doesn't make it more convenient nor easier. This creates an illusion of safety only and I doubt the less tech-savvy are fooled by it.
2 -
@DangKwei This would make a great suggestion. Please write up your suggestion using Suggest an Idea.
0 -
Done.
0 -
@DangKwei the site doesn't hold payment information, but any account that covers genealogical information on living people can, if breached, potentially expose person identifiable information for themselves and others: names, dates of birth, relationships, mother's maiden name, etc.
5 -
Just in case there are people not aware of this, Family Search already has two factor authentication as an option. You can turn it on in your account Settings.
2 -
The same could be said for Ancestry, but they have HTTP sessions working properly. Plus, they store payment information.
E-mail doesn't count as 2FA. SMS or TOTP does.
1 -
@DangKwei what is the specific issue you are raising here? I am not clear whether it is the need to sign in regularly, limited 2FA support, more strategic information security concerns, or some combination of these.
Unfortunately we are ordinary users here, with no access to the engineers except via the Suggest an Idea process. From a Data Privacy/Data Protection perspective, this link may help (it also provides specific contact information including re GDPR): https://www.familysearch.org/en/legal/privacy
1 -
@Julia Andreasen Getting back to your original question, when you say you have to log in again and again, exactly how often do you have to log in? I'm pretty sure that I only have to log in once as long as I continue to work in Family Tree.
Now if I walk away and don't do anything on the website, while I couldn't give an exact time, it still seems that it's at least twelve hours before I am automatically signed out. It's certainly not more than 24 hours. Has anyone tested this? It would be easy to do. Just sign on, don't do anything for 24 hours, then refresh the web page and see if you are still signed in. Then shorten the time by a few hours at a time.
In any event, if you are needing to sign in every five minutes, then something is not working right with your set up.
As to why we get automatically signed out, I'm sure FamilySearch has to deal with worst case scenarios. Last year when I was bemoaning limitations of the mobile app and expressed an opinion that some functions should not be allowed on the mobile app, I was informed that the majority of FamilySearch users do not have computers. They only use a mobile device (phone or tablet). I expect that some of them use public resources such as libraries or internet cafes. The automatic sign out is necessary to protect the data of living people that might be contained in a person's FamilySearch account when that user's device is open (or doesn't have a password on it) and the device gets stolen or if the user is on a public device and wanders off without signing out.
6 -
I was on early this morning and left my computer at 7:40 am. Just now at 6:20 pm (it was a busy day) I refreshed the profile page I was on and am still logged in.
2 -
My personal experience is that I do not get logged out when I work well past midnight, even if I have signed in in the morning. However, after I shutdown for the night (with or without signing off from Family Tree) I always have to sign in again next morning (say at around 10 am). Also, if I close the browser (usually Firefox) when I pop out during the day, then "Restore Previous Session" on my return, I am still logged in.
Actually, the current position with signing in/off is not really that useful with regards to security. If I'm in a public place using Family Tree and forget to sign out, anyone can come along and carry on working using my account. In theory, multiple users could do that, right up till the establishment closing at the end of the day.
In the past, the system was far more restrictive, with an automatic sign out within a relatively short time (I forget exactly how long) of one walking away from the computer.
In summary, I'm okay with the way things currently work from home (I don't find it too much of a pain signing in again next morning, even if I don't have to do this with Find My Past and some other applications), but do feel the suggestion that "security" is an issue doesn't make sense, as long as one can be left signed in for many hours if one forgets to sign out when using Family Tree in a public place.
1
