When user/password is finally going to be implemented, please make it so that you get a token after a valid login.
Also make this token device/session dependent and allow to kill remote session (based on a keepalive if tab is still opened) from the interface.