MtGox keeps losing my login, any advice?

[Tzupy]

Hi there, first post on these forums!
I used to trade on Bitstamp and then moved my BTCs to MtGox.
There is an annoying thing going on: after logging in and spending some time watching clarkmoody and bitcoinity,
in different tabs of Firefox, when I switch back to the open tab with MtGox trade page I find myself logged out.
Actually, when I try to modify my order I have to login again, which can take upto 30s, typing username and long password.
I tried to clear all Firefox cookies and history, as suggested by Mozilla support, but it didn't help.
This loss of login didn't happen on Bitstamp, using the same version of Firefox. Any advice would be welcome.

[orymh]

Your auto-logout timer on Mt. Gox is adjustable. That's the first thing I'd check. It's under Settings->Preferences, "Session Expiration." The default is 15 minutes.

[Tzupy]

Thank you, in the mean time I figured it out. Silly me, didn't notice the session duration setting.
There was no such thing on Bitstamp. Let's try a more advanced question:
If I set the session duration to something like 1-2h, how risky is it (hacking wise)?
I have already set security and withdrawals to TFA with OTP.

[orymh]

Increasing your idle time-out increases risk in cases where somebody else has access to your computer. The highest risk is when using a shared computer, say at a library or university computer lab, where any old random stranger could sit down at the computer as soon as you step away. If you were logged in, forgot to manually log out, and left the computer, a longer idle timeout means a larger window for somebody else to mess with your account. (I consider it a bad idea to log in to something like Mt. Gox from any shared computer at all, and not just because of the idle timeout. If it's a machine you don't control, it's a machine you can't trust.)

On your home computer, it's obviously less of a concern, but keep in mind that even if you trust everyone in your household not to steal your money, you also have to trust them not to think it'd be funny to change your Mt. Gox password or something like that.

Regardless of where the PC is or who it belongs to, if it's been compromised in certain ways - if somebody has remote access to your system without your knowledge, for example - increasing your idle timeout increases your risk. For most breaches, though, idle timeout will be the least of your concerns. Keyloggers and BTC-stealing trojans are a lot higher on the list.

One thing you don't have to worry about: an increased idle timeout will not make it any easier for somebody to guess or crack your password.

As a point of reference, I have my idle timeout set to two hours. I only ever log on from one trusted computer, which nobody else has physical access to, and I never leave myself logged on when I leave the building.

[acne]

Umm ever hear of auto log out?

[Tzupy]

@orymh: thank you for the detailed answer.
No one else has access to the computer I use, so I should be fine with sessions of 2 hours.
I also won't click on any links provided in these forums.