diff --git a/src/app/accountinfo/accountinfo.component.html b/src/app/accountinfo/accountinfo.component.html
index 8aa198a3359a9bbe0eedc712b588dd5c31d2423c..b80099285bbe7df572b2dd77e79376a54c8ae55b 100644
--- a/src/app/accountinfo/accountinfo.component.html
+++ b/src/app/accountinfo/accountinfo.component.html
@@ -1,6 +1,6 @@
 <div  fxLayout="column" fxLayoutAlign="start none" style="width: 100%" class="strudel-accountinfo-typography">
     <div *ngIf="nowSeconds(identity$ | async) ; let time">
-        Login certificates expire in {{ time }}
+        Login certificates expire in {{ time }} (or when you 5 minutes after you close this tab, which ever comes first)
     </div>
     <div *ngIf="identity$.value !== null && identity$.value !== undefined"> 
         <!--<div *ngIf="identity$.value.systemalerts.value !== null">-->
diff --git a/src/app/keygen/keygen.component.ts b/src/app/keygen/keygen.component.ts
index 0d3aa0603dd402a55d89fa2668a8c15486ef26a2..bcc071671ff039d3d1b5c5cd1790baecbc56f0be 100644
--- a/src/app/keygen/keygen.component.ts
+++ b/src/app/keygen/keygen.component.ts
@@ -116,7 +116,8 @@ export class KeygenComponent implements OnInit, OnDestroy {
     let headers = new HttpHeaders({'Authorization':'Bearer '+token.token});
     let options = { headers: headers, withCredentials: false};
     var now = new Date()
-    var end = new Date(now.getTime() + 24*60*60*1000); //request a certificate valid for 24 hours
+    var end = new Date(now.getTime() + 28*24*60*60*1000); //request a certificate valid for 28 days
+                                                          //its expected that the user will terminate the session by closing their browser/sleeping their laptop before this
     let data = {'public_key': key.public, 'end': end.toISOString()};
     return this.http.post<any>(token.sshauthzservice.sign,data, options).pipe(
       tap((v) => console.log('in getCert',v)),