Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Should we deprecate the "Remember Me" checkbox and start assuming?

I've been thinking about this quite a bit lately, and I would like some feedback from this wonderful community. Is it safe to assume that a user wants to be remembered when they login? And if they are using a public computer, is it safe to assume that they are smart enough to logout before leaving?

like image 706
Josh Stodola Avatar asked Sep 18 '09 00:09

Josh Stodola


People also ask

Are Remember Me feature safe?

Use the “remember me” option to reduce how often you have to sign in with two-factor authentication (2FA) on the same web browser. It's safe to use on trusted computers, and lasts for 30 days.

What happens when you click remember me?

Clicking the “Remember Me” box tells the browser to save a cookie so that if you close out the window for the site without signing out, the next time you go back, you will be signed back in automatically. Make sure that you have your browser set to remember cookies, or this function will not work.

Is remember me insecure?

Remember Me Implementation Will Always be Insecure There is no standard way of implementing secure session persistence.


2 Answers

I don't really think it's safe to assume anything about the end-user.

Plus, it's easier for a user to just close the browser rather than to log out of every website, so providing a remember me checkbox defaulted to false is user friendly and less hassle for them over-all.

like image 76
Tablet Avatar answered Oct 02 '22 00:10

Tablet


No. In this age of too-little privacy, any potential hole for a breach should be closed. Sites should be getting more secure, not less.

like image 29
Ben M Avatar answered Oct 01 '22 22:10

Ben M