USPTO says that if you check this box, the second authentication factor will not be not needed during signin for the next 24 hours.
This is, of course, false. Or more accurately, it is almost always false. The check box does occasionally save the USPTO customer from having to carry out two-factor authentication when logging in to a USPTO system. But usually it does not work.
USPTO’s implementation of this check box is extremely fragile. It sets a browser cookie that will supposedly save the customer from having to do the two-factor authentication again until after 24 hours has passed. The most microscopic change of circumstance, however, is enough to break the cookie. If the computer’s IP address changes (as happens with any notebook computer when it is taken from home to office or vice versa) this breaks the cookie. But merely closing the browser and reopening it is enough to break the cookie. Having the screen blank out to save power, followed by touching any key to make the screen light up again, seems to be enough to break the cookie.
This would not be so bad except that the USPTO also got the wrong answer on the duration of the forced logouts from the USPTO systems. Under the old Entrust Java Applet (EPF) login system, the forced logout was (supposedly) sixty minutes. Even that was far shorter than what customers actually want. But when USPTO migrated to the MyUSPTO signin system, USPTO harmed customers by cutting even the too-short sixty-minute forced logout time period in half. USPTO now forces the customer to log out in a mere thirty minutes.
As I told USPTO back in 2014 (blog article), a short forced logout period is the opposite of what users actually want. I surveyed users on this. The vast majority of respondents say that for them, UPTO’s system of forced logouts is a bug, not a feature. Indeed more than 90% of respondents said that they find the “forced logout” feature neither important nor valuable. If USPTO were to change the system so that each user could choose for a particular login session to never get logged out automatically, 81% of the respondents would use that feature sometimes or for nearly all of their login sessions.
What would you prefer in the MyUSPTO system in the way of forced logouts? Please post a comment below.