Aggressive arbitrary session timeouts in cloud apps is frustrating, especially if your password manager is inconsistent in its ability to autofill accurately.
Painful 3 step sign-ins - #1) email, #2) password, #3) 2FA - argh.
How do you even decide 24 hrs vs 30 days vs 365 days for sessions?
Is app security often more for show than need, biased towards super edge cases?
I remain logged in on Firefox only, with an extension that blocks me from accidentally visiting any other sites that are not on the "allow-list".
For Google sites, I used to use Firefox but at one point it said Firefox support was deprecated so now I use Chromium-based SSBs.
For open web browsing, I used to use Chrome but now use Safari. I never login to any site on Safari and regularly clear the site data. I can't use incognito mode because I want to keep the history which is useful to me, but I suppose at some point I'll just make an extension to log my own history.
Regarding auth session duration, I noticed that Google seems to have a much shorter session lifetime if you don't use 2FA. Not sure if other sites do that. I rarely look at FB/Twitter so it never surprises me if they ask for the password.