Automatic undesired "logout" from Rhino account

unhandled

#1

This is not really all that fun…
image


Cloud Zoo License Management Available in Rhino 6
(Andrés Jacobo) #5

Hi @Helvetosaur

Your Rhino account credentials currently expire about every 90 days or so. You will need to login to refresh your credentials.


#6

Just got this:

image

Let’s see - 5 days in March (from date of post above), 30 in April, 31 in May, 1 in June - that makes only about 67 days by my reckoning…

BTW, I have logged out and logged back into my Rhino account several times since then, the latest being earlier this week…


(Andrés Jacobo) #7

I did say about every 90 days :wink: This issuance period has changed over time, so you may have had a 60 day one back in March.

Logging in to your Rhino account on the browser has no effect on how you’re authenticated in Rhino, since the two cannot directly talk to each other.

AJ


(David Rutten) #8

Still, it’s a fairly curt tone to take with paying customers.


(Andrés Jacobo) #9

60-90 days was chosen as its the same standard used by other companies such as Adobe, Microsoft, and Autodesk. The current issues with making it longer are 1) There’s a higher chance of someone impersonating you and 2) People will forget the passwords if they are not prompted to login within 90 days.

Of course, this is not a perpetual decision and can be changed at a later date. I am not married to the decision I made.

AJ


(David Rutten) #10

I’m not advocating changing the period, just changing the message. For example if you add the impersonation-protection reason to the message, more people will be happy to login again since now they know we’re looking out for their best interest, rather than just making them dance for our amusement.


#11

Well, I have a number of issues with this.

First off, with the advent of V6, McNeel has been strongly encouraging users to use the Cloud Zoo, touting how much better license management will be if they do, supported by graphics such as the one below, where Cloud Zoo has all the boxes checked…

So the service needs to live up to those expectations – which it clearly doesn’t yet in terms of customer friendliness IMO.

While security-wise this may make sense, from a customer point of view, getting automatically logged out induces exactly the opposite of what is intended - it leaves them with a sense of insecurity, not security. Oh, crap, I’m gonna lose my license! My Rhino might stop working! This is in sharp contrast with the locally installed license which once validated continues to work forever without the user even being aware of its presence.

As an aside, if people are really worried about someone impersonating them to gain control of their their Rhino account, they should enable the two-factor authorization as offered. Otherwise I don’t know why we need this level of security, your Rhino account is not banking software…

This also makes zero sense to me. All the customer knows is that they have been asked to create a “Rhino account” and a login. To the customer, their Rhino account is one single thing. Whether they log into their account via a browser to check something or Rhino logs in to get a license shouldn’t make any difference.

Lastly, if this type of auto-logout procedure needs to continue, then yes, as David said, the message really needs to change.

Remove the “Unable to refresh license…” That scares people.
Remove the “Your Rhino account login has expired…” That scares people.
Remove the “…this product will stop working.” That scares the s— out of people.

In short, remove all of it.

Simply say something like this:

“Rhino needs to log in to refresh your license periodically. Please press the Login button below renew your license credentials (for the next 90 days or so).”

If everything goes well, throw up a “success” message.

If they press Login but renewal fails, then throw up a warning screen about that the auto log-in failed that their authorization will expire soon, and to contact support for help.

If they press Cancel, throw up the warning that their login will expire soon and Rhino will stop running, give them another chance to punch the Login button, and if they don’t want to , then just let the thing expire.

I would also avoid any mention of “For your security…”, as that sounds way to much like those spam e-mails you get inviting you to click on a link to log-in and might set up doubts as to whether the pop-up is legitimate or if their Rhino has already been “compromised”…


(Gustavo Fontana) #12

Hi @aj1, I subscribe also to Microsoft and Adobe. I never ever ever see a login request or UI dialog or any interruption from their services requiring logins or authentications. I use all my computers frequently enough that they just self authenticate/renew/handshake/whatever in the background. Same with Spotify.

What you have created is amazing by Rhino standards and above and beyond of what the entire CAD/3D industry has done. Also 1000x better that the shitheads of Autodesk that make me login to the app every time I launch it, like an animal. But why to stop there? You should come up with a way that is absolutletly transparent for us. Less is more. You can match the world-class standard of Adobe/Microsoft/Spotify. Vamos Carajo!

Abrazos,

Gustavo


(Nathan 'jesterKing' Letwory) #13

I see regularly (every month or two) the request to refresh credentials in my Visual Studio instances. You can imagine VS is in rather heavy use…


(Gustavo Fontana) #14

Interesting, do you think that they have different policy for a developer product than they do for a consumer product? I honestly don’t remember to being asked to do anything, other that software updates.


(Nathan 'jesterKing' Letwory) #15

No idea, but it is kinda annoying, like any form of forced reauthentication.

For tools in daily use like Gmail and other Gproducts, YouTrack, Rhino, etc it is indeed a PITA.

I would be annoyed too (read: am)


(Andrés Jacobo) #16

@Helvetosaur @gustojunk point taken. I will look into ways of improving both the process and the communication without compromising the user’s privacy/licenses.


#17

Thank you. While at it please also add an option to hide splashsceen display of Avatars and Discourse/McNeel account Log In Handle.

I see that this can make good sense with shared licenses but it has zero relevance for anyone who only wants to go on using single licenses on several devices in the way it was possible in previous Rhino-versions. This looks like silly Social Media and being logged in permanently somewhere and forced me to think whether I want to show this stuff to customers (besides potentially problematic file previews). I immediately felt a strong urge to make the license local just to return to the V5 appearance.


(Nathan 'jesterKing' Letwory) #18

You can just start with /nosplash of course…


#19

Hmm, just got another “not logged in” message opening Rhino this morning… Only 7 days from the last one… :frowning_face:


(Andrés Jacobo) #20

Hmm, that shouldn’t happen. Have you by any chance omitted the “Stay Signed In” checkbox at login time?


#21

Dunno, have to log out and log back in again to check I guess. Why should that affect Rhino getting my license from my account though? If it does, IMO, that’s not a good thing.

I think it was checked though…

image

Uh-oh…


(Andrés Jacobo) #22

Dunno, have to log out and log back in again to check I guess. Why should that affect Rhino getting my license from my account though? If it does, IMO, that’s not a good thing.

If you are running Rhino on a public computer, the license won’t be refreshed so that other people that come behind you don’t have access to your license as well.


#23

OK, I guess I still don’t really comprehend how the system works…

I have one Rhino Account.
I personally can access this account via a web browser with my log-in and manage my license(s).
I can choose to remain signed in or not.

Question:
How does my “signed-in” status (via web browser) affect the ability of Rhino to get a license from my account?

Test:
I just signed out of my account via web browser and started Rhino. It started normally. Options>Licenses tells me I have exactly 10 days offline use - to the minute relative to my starting Rhino. i.e. I started Rhino at 9:56 AM here on the 9th of June and it tells me I have offline access until 9:56 AM on the 19th of June. So I assume that it checked just now when I started Rhino and reset the offline access date, otherwise that would be a huge coincidence.

Conclusion:
Being signed out of my account management via the web browser doesn’t appear to have affected Rhino’s ability to get a license - which is a very good thing.

Leaves the question as to why I am getting these “not logged in” messages at irregular intervals and (IMO) too often…

Also @aj1 - the “Unable to connect” message posted above appears to be spurious (but unsettling), as it goes through the log-in procedure and does actually successfully log me in - and then the screen comes up making it look like the log-in was unsuccessful.

–Mitch