To explain what I mean. You log on to a website and (if applicable) somewhere on the site it shows you the last time you logged in. Presumably for security reasons. At least that’s what I assume it’s meant for. If this is the first time you’ve logged onto that site in weeks, but it shows your last log in as yesterday, someone’s accessing your account.
However, when the only thing it ever shows is that you just logged in a few minutes ago, I can’t see any reason at all to have it there.
I would guess that people building these sites either didn’t realize it’s incorrect or don’t understand the point. OTOH, I see it so often, maybe I don’t understand the point.
You mean the website always shows you as having logged in a few minutes ago, even though you’ve been logged in for weeks? Do you have an example of a site that does that?
Usually it’s a list showing the X most recent ones. If you’ve only ever logged in once (as a newish user) it would only show that, but if you log out and back in, or just login again from another browser or device, you should see the new one in the list too.
My Google history, for example, usually shows a bunch of them, both logins I did on my own and also sometimes that apps do for me (like smart TVs, gaming consoles, etc.)
Yeah, the idea is that you can better identify unknown logins, and maybe force them to log out and/or know to change your password.
Websites are all made by different people though, and it’s entirely possible someone screwed up…
This is from right now, it’s credit card processor’s portal. The top line is someone else, the bottom is me.
This is from Netflix:
Doesn’t the bank one show two? And Netflix will show several logins once you have them. Mine currently shows 4, and if I click Show More, it shows a couple dozen more.
Seems like that’s what they’re supposed to do?
No, the first line is a different user’s account. I did, however, check US Bank, and that one list “up to 15” of the most recent logins.
I see only the most recent log in for each device, but that’s it. I don’t see a Show More button.
I feel like I’m missing something basic, or maybe just totally misunderstanding you…
In the bank case, who is this “other user”? Like a sub account of yours…?
In the Netflix case, doesn’t that just mean you don’t have a lot of recent logins?
I don’t see the problem. Presumably if you kept logging out and back in you’d see a lot more in both lists. But seems like they’re working as intended…? What am I missing?
Pretend like you didn’t see it. It’s irrelevant.
Also, notice that it’s from 2023.
OK, sure, let’s ignore that line.
Sorry… still confused about what you’re expecting to be there but isn’t?
Did you log in a bunch of times recently but don’t see those in the list…? If it’s the same device, they may heuristically determine that it’s still just you, so not worth breaking out into a bunch of separate entries.
By heuristics, I mean they look at signals like your current IP address, browser, app, operating system, etc. to try to fingerprint you (see the EFF’s Cover Your Tracks and Cover Your Tracks | About for detailed methodology). Those are just SOME of the signals available. They use signals like those to try to determine if it was indeed you on your usual device, you on another device, or someone else who stole your login. You logging in on a device they’ve seen before many times isn’t noteworthy; someone logging in as you from a totally different computer in a country across the world would likely trigger suspicion.
All of these are signals but each website has their own particular algorithm for determining what qualifies as the “same device”. It just depends on the robustness of their fingerprinting technique.
Could that explain what you’re seeing, or am I still misunderstanding? If so, sorry, someone else might have a better idea.
Never noticed what sites list as my last log in as. But it all depends on how the code was written. There will be lines of code somewhere that update a spot that contains the last log in data. Date and time. Often there is a shut down routine. When the user closes the program or site. A bunch of things may then be done, before the program or site actually does close. Updating the last log in may be done at that point. But maybe the code writer would prefer that it is actually one of the first things that is done. In case the program or site hangs up and does not close properly. The data would then already be updated for trouble shooting purposes. Maybe it can also be a security issue. Ensure your user log in is updated immediately, to ensure no concurrent log in is allowed? Or some such issue. Best practice is to acquire and update the important data ASAP in the code in case of crash