In the security settings there are two options for the session idle timeout: 30 minutes, and infinite.
Unfortunately, both of these values are not satisfactory. 30 minutes is too short, it ends up annoying users. Not having a timeout at all is great for usability, but increases the risk of unauthorized access.
I would like to suggest a third option there, which is to require users to login just once a day. Or, alternatively, permit custom values in minutes / hours / days.
Thanks in advance.