Login password save

Curtis_Bruneau · September 24, 2009, 7:04pm

Has anyone ever come across an extension or made a login password saver
using cookies? I’m just wondering I had a few users ask about saving
their login password.

Curtis

jpierce · September 24, 2009, 7:05pm

Has anyone ever come across an extension or made a login password saver
using cookies? I’m just wondering I had a few users ask about saving
their login password.
Evil bad awful idea.

If they simply want to stay logged in for a long time between authentications,
why not extend your session period? See the wiki for details.
Cambridge Energy Alliance: Save money. Save the planet.

Tom_Lahti · September 24, 2009, 7:34pm

Has anyone ever come across an extension or made a login password saver
using cookies? I’m just wondering I had a few users ask about saving
their login password.

Evil bad awful idea.

… because anyone with physical access to their computer can create RT
transactions as the user with the saved password without having to know the
password.

Even without doing that, the session length presents the same issue if users
do not lock their workstations when they leave their desk. Here I have an
alias set up that emails the whole company; if I find an employee has left
their workstation unlocked, I send out a company-wide email from them with
some silly statement (“I watch Sesame Street” is a favorite). Needless to
say, no one hardly ever does that anymore

– ============================
Tom Lahti
BIT Statement LLC

(425)251-0833 x 117
http://www.bitstatement.net/
– ============================

jpierce · September 24, 2009, 7:36pm

Has anyone ever come across an extension or made a login password saver
using cookies? I’m just wondering I had a few users ask about saving
their login password.

Evil bad awful idea.

… because anyone with physical access to their computer can create RT
transactions as the user with the saved password without having to know the
password.
I was thinking more that it generally ends up storing the password in the clear,
and is constantly sending that information back to the server.

Besides, browsers have built-in facilities for remembering passwords
if that’s your bag;
and in FF they can all be encrypted with a single master password.

Cambridge Energy Alliance: Save money. Save the planet.

Tom_Lahti · September 24, 2009, 8:02pm

I was thinking more that it generally ends up storing the password in the clear,
and is constantly sending that information back to the server.

That too.

Besides, browsers have built-in facilities for remembering passwords
if that’s your bag;
and in FF they can all be encrypted with a single master password.

Which are stored in the user’s profile, not globally. Still have to log
in/unlock as that user to gain the saved passwords. Unless you make everyone
a local admin, then nothing else matters

– ============================
Tom Lahti
BIT Statement LLC

(425)251-0833 x 117
http://www.bitstatement.net/
– ============================