Suggest changing "remember me" default to "no"

[johnniet]

I just logged in at a public terminal. Apparently I've used it before, although it would have had to be months ago. But it knew that I was johnniet!

This strikes me as a little bit dangerous. With 20,000 members, there must be one or two other screwups who might forget to uncheck "remember me" all the time. And we know there are more than one or two mischievous people among us who wouldn't think twice about playing around with somebody's online identity.

Another possibility would be a cookie that expires after a time--but renews itself when you go back to BFC. That way somebody's regular computer would keep you logged in (unless you stay away for a long time), but a public terminal would probably lose the cookie after a short time.

I've also learned never to use the public terminals here again, since any properly run system should frequently delete any cookies outside of an approved list.

Thanks for reading!

 

[Cougar Allen]

Maybe we should write in big red letters across every page here:
IF YOU'RE NOT USING YOUR OWN COMPUTER, LOG OUT WHEN YOU'RE DONE!

We've posted that plenty of times ... I believe it's in the FAQs somewhere too ...

I believe the default for "remember me" actually is no, but you reset that a long time ago and so does everyone else; it's just about impossible to use the forums without cookies.

I don't know when the cookies are set to expire. I don't think that's something we have any control over; probably only the vBulletin people can change that. If they were set to expire after say a day that still wouldn't make it safe to use a computer you don't control and leave it logged in, and it would annoy everybody who goes for a day without visiting Bladeforums. I don't see any solution but to log out every time you use a computer that anyone else could use.

 

[johnniet]

Yep, and it's much easier to do now that the "Log Out" option appears on top of most pages.
I think we must be talking about different things when we say "remember me". Just now, I deleted all my cookies and closed IE; I re-started IE, came to BFC, and logged in. The box next to "Remember Me?" was already checked. I try to uncheck it whenever I use a computer that other people may use.
More importantly, I'll try to keep the lesson in mind. Thanks doc.

 

[Cougar Allen]

Okay, evidently the default is yes, since it was checked after you deleted your cookies. I don't think changing it to no would be workable, though. Frankly I don't see any good solution to the problem of security -- it's easy for me to say "Log out you dorks!" but no matter how many places we post that many won't get the message.