PDA

View Full Version : Login security


Lutenist
29-09-2005, 02:16
At the moment I do not have an internet connection at home. However all public libraries offer internet connections around here, which enables me to access the forum nevertheless.

Here is my suggestion. While signing in, the "Save" check box is checked by default. If I forget to de-check it while signing in, there is no way to reverse the procedure. (It is not possible to access brower preferences in order to clear all the cookies. The computers being public, are very well protected).

Basically, this means if I accidentally happen to log in, ignoring the check box, anyone accesing that computer can log in using my username and password (unless I notice my error and change my password, of course).

MY SUGGESTION is to make the check box unchecked by default.

raeanne
29-09-2005, 05:09
This sounds like a great idea to me also. I don't use a library computer but the one I use at work is used by other people in the evening and on weekends. It would be easier if the Save box was unchecked. Good idea!

redfairy
29-09-2005, 06:38
ideal suggestion... i too use a common computer which is used by several people daily... i too would love it if the box would be unchecked by default. hope this is considered... have thought about this a while but didnt realise i could actually put it up as a suggestion. thanks...hugz, red

Grigori
29-09-2005, 14:15
At the end of your session on AT, you can exit using the "log out" link at the top right hand corner and that will clear the cookie so the next person cannot use your account here.

Lutenist
30-09-2005, 22:44
At the end of your session on AT, you can exit using the "log out" link at the top right hand corner and that will clear the cookie so the next person cannot use your account here.


I assume the "save password" setting is not one of the cookies that will be cleared at the logout. What would be its function then? The check box is there so that one can conveniently log in next time without having to write the password. Now that I think about it, aren't passwords and cookies stored separately in web browsers? Nevertheless, would the password be cleared at logout, the whole function would be useless.

Grigori
01-10-2005, 00:09
I assume the "save password" setting is not one of the cookies that will be cleared at the logout. What would be its function then? The check box is there so that one can conveniently log in next time without having to write the password. Now that I think about it, aren't passwords and cookies stored separately in web browsers? Nevertheless, would the password be cleared at logout, the whole function would be useless.

No, if you "Log Out" the password is cleared as it is stored in the cookie. Try it, you will see.

You basically have three options after you've entered the password and asked to save it:

1) Log out: in which case the password is forgotten and your account is safe on a public computer.
2) Shut down the browser, in which case the password is remembered and another person could use your account.
3) Go to another website, which also leaves your account vulnerable.

The function is not useless, but is terminated by you pressing the "log out" link (and not by option 2 and 3)

This is not the same as a feature in which you ask Windows to remember your password (which seems to be what your opinion was based on), but instead it is creating a cookie that is saved in your internet files.

Lutenist
03-10-2005, 22:55
No, if you "Log Out" the password is cleared as it is stored in the cookie. Try it, you will see. [...] This is not the same as a feature in which you ask Windows to remember your password [...]
:) Ok, now I got it. Thank you for the clarification.