[Ads-l] A quick review of the new OED.com

James Eric Lawson jel at NVENTURE.COM
Thu Jul 27 18:37:53 UTC 2023 

Following your lead (because I despair *a priori* of getting the 
technical crew to listen--this despite my own decades, starting in the 
1980s at the Minnesota Supercomputer Institute among other places, of 
willy-nilly part-time work as a computer systems administrator, 
programmer, and general computer dogsbody), I sent email (see below) to 
both the technical and general OED email addresses. Their kindly worded 
reply to my rather cranky complaint suggests there may be hope yet...my 
bank, for example, simply advises "users" to be sure to log out if 
working on a shared computer.

On 7/26/23 12:21, Grant Barrett wrote:
> For me the biggest issue is that the login cookies only last 45 minutes! I
> am now signing in many more times a day. I sent an email about it and got a
> reply saying that it's for security reasons. It's just me, at home,
> working, OED. Nobody is sneaking into my house to look up etymologies on my
> user account. GB

**Email to "OED General Comment" and "OED access/technical query":**

I like to leave my dictionary open on my desktop for easy access. The 
new version of OED Online locks itself after a short interval, then 
requires the elaborate sign-in procedure for continued use. This is an 
aggravating waste of my time.

If the change is intended to address a security issue, it doesn't 
improve security, it weakens security; every time my password goes 'over 
the wires' it is exposed to random attacks, whereas the authorization 
cookie is only vulnerable to those with access to my computer (me).

Please revert to authorization cookies without time out.

Thank you,

James Eric Lawson

**And their kind reply:**

Dear James Eric Lawson,

Thank you for your email regarding the 45-minute inactivity timeout on 
the new OED website.
We understand that this change may be inconvenient for some users, and 
we appreciate your feedback.

As you correctly pointed out, the 45-minute timeout was implemented as a 
security measure to protect user accounts from unauthorized access, 
particularly when using a shared device. When a user leaves their 
account logged in for an extended period of time without activity, their 
account may be vulnerable to takeover and their personal details 
exposed. The automatic timeout helps to mitigate this risk by logging 
the user out after a period of inactivity.
We apologize for any inconvenience the 45-minute timeout may cause but 
hope you understand our need to balance security with user expectations.

I understand your point that this is less of a risk when using a 
personal computer, and your feedback will be logged - I can't promise 
changes will be implemented, but the team are carefully looking at all 
feedback received.
If you have any further questions or concerns, please do not hesitate to 
contact us.
Thank you for your understanding.

Kind regards,
The OED team

-- 
James Eric Lawson

------------------------------------------------------------
The American Dialect Society - http://www.americandialect.org

More information about the Ads-l mailing list