Why must I log in AGAIN?

Does anyone have an explanation for why the Zwift application on a computer (or perhaps any platform, for that matter) requires one to re-login after a period of time of disuse? If it’s one profile using the application, I don’t understand why re-logging in at all is necessary. I don’t often use the application on my computer (MacBook Pro), but when I do, I invariably get asked to log in again… I see no sense in this behavior. Unless I actively log out of the application, it should maintain my credentials and keep me logged in indefinitely. Does anybody know the reasoning behind this? Strava does this too and it’s maddening when the mobile device apps NEVER do this kind of thing. If anybody has some good reasoning on this (or if someone from Zwift cares to respond), I’d love to hear it.

Hi @Aaron_Huie

If you aren’t pedaling, you’re not generating a power / speed / cadence data stream to the server.

If the data stream stops all of a sudden, the server can’t tell the difference between 1) your computer crashed 2) you intentionally got off the bike or 3) if we should call 911 for a welfare check. :smiley:

Only when you save & exit can we tell you affirmatively and intentionally ended your session. Hope that makes sense.

Hi Aaron,
I get the same.
I always thought it was Zwift verifying that it was still me using the platform, not someone else. Like a security check for them.
I don’t really mind, as compared to my earlier days on Zwift were it seemed customers where asked quite frequently, as long as I don’t change device, I don’t generally get asked.

1 Like

Hi Aaron,

To be honest, I agree. It’s a pain to have to log in again, especially as my password is relatively long and hard to type.

I don’t find it as much of a problem on the website, because I use LastPass (a password manager) that automatically fills it in for me. But it doesn’t work with the Companion app or Zwift game.

It seems a little bit random when it asks for login again, but often it’s when there’s an update. I assume the Companion or game tidy up local storage at that point, especially if there’s a new file format or setting. Perhaps that’s why they can’t remember who’s logged in.

No one else ever uses my PC or phone, so I’d love it if I never have to type in my password again. I can’t remember when I last had to log in to Spotify or Facebook apps for example, despite many updates to them.

An annoyance, though not a showstopper.

1 Like

You’re not understanding the issue, it seems. I don’t get dropped or anything. This is more about my login credentials getting forgotten when I don’t use Zwift on a particular device for a long time (usually my laptop, as I’m more apt to use Zwift on an Apple TV). Or maybe you accidentally commented on the wrong post?

I use a password manager, too. And that does make it at least a little easier, although, as you said, the Zwift app doesn’t yet have integration with those tools, so it’s more of a hassle than it should be to use even those. But in my mind, once I login once, I shouldn’t have to do it again on a system that isn’t shared. It baffles me that neither Zwift nor Strava seem to think this is an issue… Especially when other platforms don’t have this issue. I’m not saying there isn’t a good reason, and I know that Zwift can’t answer for Strava (I don’t expect them to - I’m just using Strava as another example of the behavior), but I’m posting this here in the hopes that maybe Zwift can explain themselves on this.

+10000

This practice of logging users out periodically is ANTI-security and ANTI-consumer. Please fix it.

I use an HTPC dedicated for Zwift to run the platform and it is such a PITA to get out the keyboard, open up the password manager on my phone, and carefully type in my randomized password every time it asks. This does NOT help with security in any manner.

You know what it does? It makes all of your users want to use LESS complex passwords and make themselves more vulnerable to hacking.

I work as a CISO and I am so sick of companies making up stupid policies like this because it gives the illusion of security while in reality degrading it and frustrating their user base.

4 Likes

There’s a lot of it about. Like those who don’t allow spaces in passwords. Or those who put, say, a 16 character limit on them.

Let’s say people can use the 7-bit ASCII character set from 33 (!) to 126 (~) – I think that’s all the “printable” lower ASCII characters not including space.

So what’s that, 94 characters? 94 characters, 16 times over. 3.7 x 10^31 permutations? Could be cracked in hours or days.

Now let’s just have lowercase letters and spacebar, but allow unlimited length.

“this is my hard to brute force password”. 27 characters, 40 times over in this case. 1.8 x 10^57 permutations.

Easier to remember. Easier to type. Much harder to brute force crack.

E&OE, I am not a security specialist. I just hate having to jump through hoops or be restricted to choose a password. :smiley:

Preferred security policies and procedures aside, does anyone know what the auto-logout setting is for Zwift? It would be good info to have and most programs have it, just don’t know what it is.

I just launched the app on a Win10 PC this morning after 8 days of not using Zwift or that computer and didn’t have to re-login. The PC does stay powered up 24/7, though. Background setting still running, maintaining a heartbeat with a Zwift server?

…and yes, I am ashamed of not riding during that time. I thought the cycling gods would have mercy on me but my body told me differently this morning…

The Android Companion app even asks you to log in when the network connectivity drops. Of course you can’t login, with sweaty fingers, while biking, because, surprise, you’re offline. Error handling just ain’t their thang. :man_shrugging:

Unlike many other things, that are merely mildly annoying, I feel the same way about it. This is actively encouraging people to do the wrong thing, which is terrible.