Yes BANK, I DO want to logout!
May 22, 2014 1:34 AM Subscribe
Is there a simple reason why many (the majority in my experience) of the banks and financial websites ask you to confirm that you want to logout. ie when you click 'logout', they then ask 'are you sure you want to logout?'.
I would have thought that in a highly sensitive site like my banking account, they wouldn't want users to accidentally remain logged in and therefore should take the 1st click as the logout trigger. Asking for confirmation surely leaves chance that the user will miss it and accidentally leave themselves logged in? Plus I find it annoying. But it seems to be common on banking websites but not on shopping sites, etc. Why please?
My (uneducated, nonspecialist) guess is that the usability penalty for people who accidentally logged out beat the security gain, especially given the strict login timeouts.
posted by katrielalex at 2:10 AM on May 22, 2014 [3 favorites]
posted by katrielalex at 2:10 AM on May 22, 2014 [3 favorites]
Just having checked: my bank does not do this. My guess is that it might have to do with banks where the web design is not so great and less-savvy users have been known to accidentally log themselves back out.
posted by Sequence at 2:12 AM on May 22, 2014 [1 favorite]
posted by Sequence at 2:12 AM on May 22, 2014 [1 favorite]
Banks are dumb and have always had shitty web sites, that's why.
posted by ryanrs at 2:13 AM on May 22, 2014 [15 favorites]
posted by ryanrs at 2:13 AM on May 22, 2014 [15 favorites]
if i am not mistaken, when you close your browser window, you're logged out, even if the bank sees you as a cad lover who jilted it.
posted by bruce at 2:21 AM on May 22, 2014 [1 favorite]
posted by bruce at 2:21 AM on May 22, 2014 [1 favorite]
My bank has a time-out feature if I am inactive as well as the 'are you sure' button. I think the button is a good idea because of the small amount of hooplah involved in logging in, and the timing-out function means that I cannot accidentally stay logged in anyway.
posted by jojobobo at 2:47 AM on May 22, 2014 [1 favorite]
posted by jojobobo at 2:47 AM on May 22, 2014 [1 favorite]
It's human factors. Actions that are irrevocable or take several actions to recover from should be (a) undoable or (b) confirmed.
Examples:
Overwrite existing file?
Form data filled in. Are you sure you want to navigate away?
The first (typically) has no recovery and the second takes effort to recover.
Logging out from a banking site requires logging in again, which for a decent banking site is a multi-step process (at least mine is).
posted by plinth at 3:14 AM on May 22, 2014 [4 favorites]
Examples:
Overwrite existing file?
Form data filled in. Are you sure you want to navigate away?
The first (typically) has no recovery and the second takes effort to recover.
Logging out from a banking site requires logging in again, which for a decent banking site is a multi-step process (at least mine is).
posted by plinth at 3:14 AM on May 22, 2014 [4 favorites]
N'thing the observation that logging in is, or should be, time consuming. And so logging out should not be possible by accident, requesting confirmation seems like a good way of avoiding accidental disconnects due to finger trouble.
First Direct (UK) do this very well on the desktop. The banking interaction is in a separate window opened after login and the logout confirmation closes that window.
posted by epo at 3:20 AM on May 22, 2014
First Direct (UK) do this very well on the desktop. The banking interaction is in a separate window opened after login and the logout confirmation closes that window.
posted by epo at 3:20 AM on May 22, 2014
There are a million little UI things that get done because they're what's done even though they take longer and have more mistakes (for example, forcing you to pick a state from a drop-down menu instead of entering initials; there's been studies that show this results in more mistakes from people accidentally scrolling and it takes longer but it still seems to be status quo). This is likely one of them-- other banks often have that confirmation page, so your bank puts it in too.
posted by NoraReed at 3:25 AM on May 22, 2014 [1 favorite]
posted by NoraReed at 3:25 AM on May 22, 2014 [1 favorite]
You are just unlucky. I have accounts with two big US banks, neither of them do this. They someimes try to sell me something on the "you are logged out" screen, but I'm already logged out at that point.
posted by mr vino at 3:49 AM on May 22, 2014
posted by mr vino at 3:49 AM on May 22, 2014
Microsoft developer Raymond Chen often says about features that result in highly visible yet user-hostile behavior, "I bet somebody got a really nice bonus for that feature." Such features can result from organizational structure where no one really has an eye on usability.
posted by grouse at 3:52 AM on May 22, 2014 [1 favorite]
posted by grouse at 3:52 AM on May 22, 2014 [1 favorite]
Though maybe they ought to, banks do not make every decision possible to maximize security. Look at, for example, the number of banks that limit the length of your password or the types of characters it can contain*.
I agree with the suggestion that this is probably a bandaid put in place because people had, in fact, been logging out accidentally and getting irritated about it because of the security on the way back in.
* - Next time I change banks, anyone who doesn't let me use a 32-character password that contains spaces is right out.
posted by toomuchpete at 6:16 AM on May 22, 2014
I agree with the suggestion that this is probably a bandaid put in place because people had, in fact, been logging out accidentally and getting irritated about it because of the security on the way back in.
* - Next time I change banks, anyone who doesn't let me use a 32-character password that contains spaces is right out.
posted by toomuchpete at 6:16 AM on May 22, 2014
My theory is, this is leftover behavior from desktop applications. Computers used to have itty-bitty RAM/CPU/etc so it took a lot of time open an application so it was reasonable to ask the user if they were sure they wanted to quit, because it would take a looong time to re-open. In other words, it's a Cargo Cult.
On a related note... dear UX designers everywhere, please remember: To Confirm is Useless, to Undo, Divine.
posted by rada at 7:45 AM on May 22, 2014 [2 favorites]
On a related note... dear UX designers everywhere, please remember: To Confirm is Useless, to Undo, Divine.
posted by rada at 7:45 AM on May 22, 2014 [2 favorites]
bruce: if i am not mistaken, when you close your browser window, you're logged out, even if the bank sees you as a cad lover who jilted it.
You are mistaken. I wish you were correct, but just to test it, I logged into BOTH of my banks, killed my browser, waited about one minute, and logged back in. BOTH of them still had me logged in.
Goddammitsomuch.
posted by IAmBroom at 11:21 PM on June 1, 2014
You are mistaken. I wish you were correct, but just to test it, I logged into BOTH of my banks, killed my browser, waited about one minute, and logged back in. BOTH of them still had me logged in.
Goddammitsomuch.
posted by IAmBroom at 11:21 PM on June 1, 2014
« Older Building a self destructing USB drive | Help me identify this (I think) British children's... Newer »
This thread is closed to new comments.
And even if your security procedures aren't so robust, a confirmation is nice IMO; I hate logging out accidentally. YMMV.
posted by Admiral Haddock at 1:58 AM on May 22, 2014 [2 favorites]