Why We Use Inactivity Timeouts

By Josh Tafoya, Technical Trainer

I’ve been to over 100 Monitoring Centers during my time with Bold. They range from small “mom and pop” centers with one or two operators logged in at once, to the very large centers with literally dozens of operators at any given time.

One of the questions I’m commonly asked, whether it’s related to BoldNet (all the versions including the old Silverlight version, and of course BoldNet Neo) or with ManitouNEO, is “why do I keep getting kicked out?” An alternative version to this question is something along the lines of “why do my dealers/technicians keep getting kicked out?”

Almost every single time this is asked it is related to Inactivity Timeouts. That is, the user (either the operator using ManitouNEO or the technician/dealer using BoldNet Neo) has logged into the application, spent some period of time without clicking something inside the application, and were logged out.

Many times, when I’ve spoken to the Monitoring Centers involved, they believe they are simply being kicked out, not that their operators were spending 15 minutes (for example) without interaction with Manitou.

It ends up being a very simple test, requiring a user to log in and, on purpose, not do anything with the software. Fifteen seconds before the user is logged out, they are presented with a dialog asking if they wish to stay logged in.

Of course, in my capacity as a Trainer, I’m usually working with these centers before they are live on Manitou. So, since they aren’t being forced to use Manitou full time, a fifteen-minute timeout isn’t out of the question. I’ve worked with these centers to adjust the timeout setting to meet their needs; however, it is defaulted to 15 minutes on purpose.

Why do we put inactivity timeouts in place?

It’s security. Plain and simple.

In a monitoring center, if a workstation is left unattended for 15 minutes, there’s every reason to believe that the user is no longer present in front of the workstation. So, we default the inactivity time.

There are, of course, exceptions all the time. Which is why this value is adjustable. The “mom and pop” centers, where there might be only one operator logged in? Sure, it makes sense. If things are slow enough in alarm handling, they shouldn’t be kicked out for inactivity unless it gets to be hours. And there are other viable examples where the timeout should be extended.

But for many monitoring centers, the timeout exists for situations where someone else (not the operator logged in) can sit at the workstation and start using it as though they were logged in. If an operator is handling alarms under another operator’s login, it might only affect the statistics on the User Statistics report. But if that operator makes a mistake while logged in as another user? They may be making one of their co-workers responsible in the future should the error be questioned.

With BoldNet logins, it’s even more serious. At least operators in a monitoring center are in a controlled environment. Their workstations are identified. They are protected from the outside world by physical security.

But imagine a technician is using their laptop to enter zones or read history. They are logged in to BoldNet. Then they climb a ladder or step into the next room to test a sensor. Being the very definition of a portable workstation, it could be very easy for someone unaffiliated with the alarm company or dealer to watch and make sure they aren’t returning soon, then pick up that laptop and tamper with the alarm systems. Now they can’t log in to alarm handling the same way an operator does. Everything about BoldNet is built so that BoldNet logins can’t gain access to that portion of the software. But what about all the customer data they could potentially access? Working out in the world means that technicians don’t enjoy the physical security that their alarm operator counterparts do.

This is why we put inactivity timeouts onto BoldNet. And why we advise monitoring centers NOT to extend inactivity timeouts. Because if someone grabs that laptop, they will take it physically away from the location where they grabbed it. BoldNet should time them out before they try to use it again.

It’s not the one perfect solution for everything, the way nothing is. But it’s part of a combination of solutions to secure your customer’s information, and keep your operator statistics from being skewed.