Hacker News
by tesseract 1879 days ago
There are some websites that are both super aggressive about timing out your session and also make you play hide and seek for the login button. Of the sites I use frequently, UPS used to be about the worst offender, but the most recent version of their site does have a usable login link.

Vanguard is another one that drives me up the wall. Going to Vanguard.com doesn't have a sign-in area to autofill with a password manager; you have to go to the personal investors page. And sessions are hard-limited to 15 minutes, so you have to jump through these hoops every time. I have the correct page bookmarked, but even on that page the login boxes don't appear until halfway down.
The same Vanguard that could have millions of dollars of investments in your account? What’s the appropriate time out?
I don't think the criticism is the logout time, it's the fact that you have to hunt for the button. The logout time only exacerbates the problem.
How about having a short timeout for making transactions and a longer timeout for viewing balances and transactions?
Should probably require a TOTP MFA code for all movements of money anyway regardless of session validity.
Totally agree, Vanguard's landing page is a disaster.

I was able to directly link this page however, which I bookmarked:

https://personal.vanguard.com/us/AuthLogin