Usernames and password are never stored in the browser. They are only used once to request a token from the Viz Social installation. After that, the received token is used to secure all forthcoming communication and the username/password themselves are cleared.

For security reasons all tokens have a finite lifetime (by default six months), after which re-authentication is needed. Hover over the lock icon in the server configuration to see the expiration time of a token.

The tokens handed out to each user are visible in the Viz Social user overview. The user administration can withdraw them from there if needed. To prevent unauthorized access, all tokens requested by a user are withdrawn when the user account is deleted.