WEBVTT

00:00:00.000 --> 00:00:07.160
You know what really chars my veal? When websites or apps you're using randomly sign you out at the worst possible time.

00:00:07.160 --> 00:00:10.320
Your boss has sent you something urgent, but you can't reply in time due to the rigmarole

00:00:10.320 --> 00:00:15.920
of signing back in, and suddenly you're unemployed and out on the streets.

00:00:15.920 --> 00:00:22.480
Hey, if it happened to me, it could happen to you. Okay, maybe it's not that dire, but services that end your session with no warning are

00:00:22.480 --> 00:00:29.240
infuriating. So, why does it happen? Typically, it comes down to the service trying to keep you secure in some way.

00:00:29.240 --> 00:00:32.320
And I get it, staying safe online is super important.

00:00:32.320 --> 00:00:38.440
But why is signing you out a solution? Typically, services can sign you out after a certain amount of time has passed since

00:00:38.440 --> 00:00:41.880
your last sign-in or since you were last active.

00:00:41.880 --> 00:00:45.640
This is to help prevent an attacker who has broken into your account from having access

00:00:45.640 --> 00:00:51.240
to it indefinitely. Let's say that someone gets into your PC, where you're already signed into a service

00:00:51.240 --> 00:00:56.160
that you use all the time. Having an expiration date on your session, which can be done through the use of cookies

00:00:56.160 --> 00:00:59.960
if you're going through a web browser, means that at some point, the attacker will need

00:00:59.960 --> 00:01:05.080
to actually have your password and possibly your two-factor device to get back in.

00:01:05.080 --> 00:01:08.640
Different services can set very different sign-in intervals, explaining why you might

00:01:08.640 --> 00:01:12.880
never have problems with something like Twitter, while Gmail can be very annoying when you're

00:01:12.880 --> 00:01:15.920
trying to pull up an important work message or a sheet or a doc.

00:01:15.920 --> 00:01:19.640
Of course, this sign-in duration thing isn't exactly foolproof, so a service might make

00:01:19.640 --> 00:01:25.400
you sign back in if it detects something is amiss through a technique called fingerprinting.

00:01:25.400 --> 00:01:29.480
This is when a service collects data on you to make it easier to identify you.

00:01:29.480 --> 00:01:35.080
And although this obviously raises privacy concerns, it can help from a security perspective.

00:01:35.080 --> 00:01:38.960
For example, sites can track everything from your location to the size of the screen you're

00:01:38.960 --> 00:01:45.880
using to your audio configuration. And if there's enough of a change in those things the next time you use the service,

00:01:45.880 --> 00:01:52.160
it may trigger a request to sign in again. Just in case these changes aren't the result of simply using your laptop in a different

00:01:52.160 --> 00:01:56.400
location when you get off the airplane, and it's actually the result of an attacker trying

00:01:56.400 --> 00:02:02.840
to drain your bank account. But because fingerprinting has plenty of privacy-conscious critics, certain browsers are trying to make

00:02:02.840 --> 00:02:06.480
it difficult for services to track you for any reason.

00:02:06.480 --> 00:02:10.800
Therefore, it's becoming more common for browsers to block or delete tracking cookies,

00:02:10.800 --> 00:02:17.040
especially if they originate from a different domain. One funny example is if you're trying to use Microsoft Teams, your browser might be

00:02:17.040 --> 00:02:22.000
deleting cookies from Skype.com, which actually ties into the Teams service.

00:02:22.000 --> 00:02:25.960
So you might get prompts to sign in more often than you'd expect, or even more often

00:02:25.960 --> 00:02:30.560
than Microsoft themselves would like.

00:02:30.560 --> 00:02:35.040
Thanks, Microsoft. Alright, fine. All this inconvenience is here to keep me safe.

00:02:35.040 --> 00:02:39.520
That might be alright if this actually worked as intended, but it often doesn't.

00:02:39.520 --> 00:02:43.960
Sometimes you can get signed out because your organization doesn't manage saved credentials

00:02:43.960 --> 00:02:49.320
correctly. This is a huge problem with services often used for office communications, like Teams.

00:02:49.320 --> 00:02:56.640
Other times, authentication issues can rear their ugly heads. For example, the much-maligned Microsoft Teams works together with the Microsoft Authenticator

00:02:56.640 --> 00:03:03.400
app if you're trying to use it on a smartphone. So if Teams is misbehaving, you might burn lots of time trying to solve the issue with

00:03:03.400 --> 00:03:08.280
the Teams app itself when the actual solution is to clear the Authenticator's cache and

00:03:08.280 --> 00:03:14.480
restart it. So the bottom line is that unless something on your device or within your organization

00:03:14.480 --> 00:03:18.640
is configured incorrectly, you might be at the mercy of the services themselves.

00:03:18.640 --> 00:03:22.640
So stay cool if you're randomly asked to sign in again, and remember not to try and

00:03:22.640 --> 00:03:26.160
punch in your 20-character password while you're driving on the freeway.

00:03:26.160 --> 00:03:29.720
The cops probably won't buy your excuse of being safety conscious.

00:03:29.720 --> 00:03:34.680
So thanks for watching, guys. If you liked this video, hit like, hit subscribe, and hit us up in the comment section of course

00:03:34.680 --> 00:03:37.040
with your ideas for topics that we should cover in the future.
