How to automatically lock computers when users leave.
Cars automatically lock when you get far enough away. Even homes are now being protected with an automatic security locking mechanism. Computers, however, still rely on archaic timeout policies. "Inactivity" alone is not dynamic enough variable to determine whether the computer should lock or not. When you're in a car, you're either driving it or not - very binary. When you leave you're home, you know to lock the door and take your keys with you.
Computers are a different situation since people are working on their computer, around it, using it for ancillary functions, etc. Inactivity timeouts work by counting down a predetermined set time length to lock as soon as there is no more keyboard or mouse activity from the user. But what if the user is just reading? What if the user was just walking on the phone for more than the inactivity timeout length? In these cases, the computer will have locked, forcing the user to log back in repeatedly throughout the day. Logging in over and over again is a serious waste of time, especially for companies with hundreds of users facing this issue potentially dozens of times a day.
Requirements for stronger passwords are making remembering the multitudes of passwords difficult for every user. Password stress/fatigue is on the rise. Working from home is not making things easier for security professionals either - security professionals are finding people in their home environments are becoming more laxed regarding data security.
Unfortunately, home might be more of an unsecure environment for sensitive data than the office. The office might have been layered with defensive bulwarks ranging from physical security including gates, guards, cameras, and turnstiles to managerial and even cultural. An environment with a strong security culture increases the likelihood that most people will behave securely by locking their computers at all times. At home - these disciplined users might succumb to the laxed environment and leave computers unlocked habitually.
The first reason inactivity timeouts suck
Inactivity timeouts can be long and leave computers at risk for too long. Is a 15-minute timeout policy too long? Is 5 minutes too long for a timeout policy? The time between a user leaving a workstation and the workstation locking/signing out should be minimal.
Sure, you can rely on a timeout policy, but the aforementioned reasons should be enough to dissuade serious people from subjecting themselves to ineffective or oppressive timeout policies. Some people like to use facial biometrics to let the computer know they're no longer present but this means you have to always be in front of your computer (camera). For those weary of using immutable biometrics, facial recognition is not an option.
The second reason inactivity timeouts suck
Policies may require the inactivity timeout length to be very short. Imagine working on your computer and the computer just locks on you! Why did it lock? Because the inactivity timeout was set to something very short (2 minutes) and you spent the time reading so the computer didn't know you were still there. Inactivity timeouts depend on users still typing or using their mouse.
How to lock computers automatically
Fool-proof computer locking is simple. You'll need a GateKeeper token to act as your key. Just like your car, get far enough from your computer and with your key and proximity lock kicks in. Most people are very used to this method of relying on proximity to lock their cars and so requires no additional changes in habit.
Use either your Android phone for free or use a GateKeeper Halberd hardware token as your key. Plug in your USB receiver that comes with every GateKeeper Halberd at act as your Bluetooth proximity receiver. If you're using Windows 10, then you can use your internal Bluetooth or other 3rd party Bluetooth dongles. If you are using your Android phone as your key, you can purchase a USB receiver from the GateKeeper store.
Download your GateKeeper desktop application for either Windows or Mac and install. Set up your user profile and connect your key to your computer through the desktop application. After you're finished setting up, just carry your key fob with you and your computer will auto-lock every time.
See GateKeeper proximity access control in action.
Take a self-guided tour of how your proximity-based access control can work.
Touchless, contactless, passwordless 2FA with continuous authentication. One key for all your passwords. Experience fully automated login and security. Instant 2FA, auto-OTP, password manager and worry-free workflow with proximity-based privileged access management for Windows 10, 8, 7, macOS, desktop applications, and websites.