[thelist] Remember Me? Still useful?
Lee Kowalkowski
lee.kowalkowski at googlemail.com
Tue Dec 11 04:00:32 CST 2007
On 10/12/2007, Bill Moseley <moseley at hank.org> wrote:
> I'm wondering if the old "remember me" checkbox on logins has
> an use any more with browsers able to remember forms. Specifically,
> if the added convenience of not having to click the login button on a
> pre-filled login form is worth the extra loss of security by allowing
> cookies to automatically log users in.
Hmm, I never use password managers, I don't like the idea of having
all my usernames and passwords "in one basket".
As long as the "remember me" feature is implemented well (e.g. doesn't
actually store your username & password) and is used appropriately by
the user (e.g. on a secured computer and still only for websites which
don't hold any private data, like forums - so not banks or shopping),
I think the 'loss of security' is worth the convenience of not having
to repeatedly interact with a login form.
If somebody were able to intercept a single authentication token, the
risk is contained, unlike if somebody had my entire password manager
database.
--
Lee
More information about the thelist
mailing list