Jim
My feedback
3 results found
-
16 votes
An error occurred while saving the comment Jim
supported this idea
·
-
1,750 votesJim
supported this idea
·
-
161 votesJim
supported this idea
·
If a user could name or group sessions, that would help not to lose track of which sessions were actually their own. I think they should have more recognizable attributes visible to the user to make it possible to spot malicious/unauthorized logins that would otherwise not stick out.
Additionally, each session could be tagged as "known"/secure/confirmed. I guess that how trust should be allowed to propagate between sessions needs a concept too.
A threat actor in this scenario would then no longer be able to retain access to a target's account via a permanent session if the attacker has no way of repeatedly producing 2FA authentication responses.
Maybe visually grouping them could further help, not giving up on keeping an eye on active session management. For example, my phone has 5 apps (Mail, VPN, Calendar, Drive, Wallet, ...) which each have their own session in the session management settings section. If users could add a free text note to each session, that would go a long way already. The only way of grouping them otherwise seems to be logging in at the same date and recording the count of sessions. At least thats what I have tried. My use-case is probably not that common (grapheneos with multiple user profiles->multiplied session count->lack of ways to differentiate sessions), but the naming/tagging could help with accruing a long list of so many sessions that a new unknown session can not be spotted.
It is entirely possible that I am a bit too paranoid, or there are reasons against such functionality?