+11
Pending Review

Automatically clear saved credentials

yahmylo 4 years ago updated by SeanL 1 year ago 5

For security we would like the ability to enable a feature that would automatically clear stored credentials when we disconnect from a session.

Available in Version:
Pending Review

i would like the ability to set when the credential clears. lowest option would be on disconnect and then up to x days.  

I actually assumed this was the way it worked. I was quite surprised that it kept the credentials after the host disconnected. This is a security concern for me. I would like the ability to have those deleted either after a host session is disconnected, or after a certain period of time.

I'm very surprised to find that there (still 3 years later) isn't even a measure of control over removal of these credentials.  There should be an option to clear credentials on disconnect as well as a setting to clear all credentials globally after a certain period of time.

Use cases:  

  • Senior engineers working on a system during multiple sessions throughout a day.  These credentials should persist  between sessions and be made available as defined by their senior engineer role.  The global setting, perhaps 4 hours, would then clear any credentials that are still stored/available.
  • Level 1 engineers working on email/printing issues while a user is at lunch.  These credentials should be cleared upon disconnect as defined by level 1 engineer's role.

I understand that the engineer can prompt for credentials again and then store blank credentials before disconnecting.  However, that is a grossly inadequate method of handling a potential security hole.

I agree, these should auto clear when a engineer disconnects. Also, the stored credentials should only be for the user who requested them, they should not be available to all users that connect to the same machine!