Community Wishlist Survey 2021/Miscellaneous/Show all active sessions

From Meta, a Wikimedia project coordination wiki
The survey has concluded.

  • Problem: Sometimes we can forget to log out when using a device other than the usual one, thus making it possible that someone can use your account.
  • Who would benefit: all users
  • Proposed solution: Create an "active sessions" special page and let users remove sessions they don't want to keep active. Similar to Google/Facebook etc.
  • More comments:
  • Phabricator tickets: T58212
  • Proposer: Stryn (talk) 11:22, 17 November 2020 (UTC)

Discussion

  • This seems like it could be a big security improvement. I wonder what the common use cases would be. My first thought was that I know a significant number of editors work from library computers - I'd be interested in people's experiences of whether Wikimedia login sessions persist on library computers or get logged out by default. — Bilorv (talk) 19:38, 17 November 2020 (UTC)
  • I know we aren't voting now, but I think that's a great idea. I have a shared computer that I sometimes use when my personal computer is unavailable and my phone doesn't make the cut. I wouldn't want my young, mischievous siblings using my account. The security of everyone's account would be improved as well. You could easily see if someone were in your account, and could change your password accordingly if necessary. Thanks, EDG 543 (message me) 01:38, 18 November 2020 (UTC)
  • If nothing else, the ability to view a simple count of active sessions (or sometimes "sessions other than the current one"), along with the ability to log out all additional active sessions other than the currently-active one, is kind of the bare-minimum for account-management features in federated authentication systems of similar scale/scope to Wikimedia's. Gravy on top would be the ability to see when each session was last active, where each session was logged in from (either geolocation, network topology, OS / browser fingerprinting, etc.) and the ability to disconnect individual sessions instead of having no option other than the nuclear one. -- FeRDNYC (talk) 00:54, 24 November 2020 (UTC)

Voting