Application feature - alerting user of concurrent sessions

Earlier this month Google's Gmail added several new security features to the latest version of Gmail.

A user can now see a list of current open sessions associated with the user's account. See an open session from an IP address you don't recognize or an access type you don't use (Mobile for example)? It may be indicative of a compromised account. Perhaps your password has been compromised or perhaps you accessed Gmail from a friend's laptop. You can change your password (which you could already do, obviously), then click the "Sign out all other sessions" button.

Like web systems at many financial institutions, recent activity is also listed. However, unlike most I've seen, Gmail shows activity from more than just the last login - the last 5 logins in fact.

When designing web apps, consider incorporating features like these.

About This Entry

Jul
30
2008
Published on Wednesday, July 30 2008 at 02:58 PM by Steve Werby in the Information Security blog.
Categories: Information Security

Need Help?

If you need immediate assistance, please contact the Help Desk at (804) 828-2227 or submit a ticket online. You can also submit feedback through our Feedback form above or leave a comment on specific blog entries.

Don't Get Phished

Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. Learn more about phishing »

Commenting has been disabled for this entry.