Skip to main content
WolfShade
WolfShade
Legend
March 6, 2015
Question

"Stay logged on" checkbox is ALWAYS CHECKED - this is a security issue

  • March 6, 2015
  • 3 replies
  • 1226 views

Could Adobe please change the code for the login screen so that the "Stay logged on" checkbox isn't always checked (on)? 

It doesn't matter if cookies are enabled, or not, it never remembers my desire to NOT BE AUTOMATICALLY LOGGED ON WHEN I VISIT.

Cookies aside, this checkbox should never be automatically checked unless the user has expressly decided for it to be so.

Anyone using a public computer may not remember to uncheck that checkbox; or may not even see it, if the user is in a hurry.  This leaves that user's Adobe account VULNERABLE to anyone who uses that computer after the user is done.  Not just for that hour, or day, but for as long as the cache and cookies are not cleared.  How many accounts have to be ruined (password changed; vulgar/profanity-laced posts; etc.) before Adobe will take this seriously?

On top of that, I'm sick and tired of having to remember to uncheck that stupid checkbox before typing my password (it always remembers login name - another potential security vulnerability) to log on.

Stop thinking that you know what's best for everyone in the whole world, Adobe.  That's a very ugly attitude.

Disrespectfully,

^_^

    This topic has been closed for replies.

    3 replies

    WolfShade
    WolfShadeAuthor
    Legend
    May 7, 2015

    And to make this even MORE cringe-worthy, I just discovered that if you uncheck the 'remember me' box and enter an incorrect login or password, then the form clears the password input AND RE-CHECKS THE 'REMEMBER ME' BOX!!!!!

    Damnit!

    D
    Dave Merchant
    Legend
    May 8, 2015

    Until you successfully log in there's no session, so it's impossible to store your preferences for being remembered! It's simply defaulting each time the page loads.

    WolfShade
    WolfShadeAuthor
    Legend
    May 15, 2015

    Which is precisely what the point of this thread has been from the beginning.  It should NOT be defaulted to on.  It should be defaulted to OFF.  It will still give the user the option of being remembered without forcing us to uncheck it every time.

    ^_^

    pwillener
    pwillener
    Legend
    March 7, 2015

    There is also another problem with this in the current Jive software: if you do not check "stay logged in", you may get logged out from the forums every few minutes or so.

    D
    Dave Merchant
    Legend
    March 6, 2015

    If you untick the box then the site doesn't set a persistent cookie, so it cannot know that you've previously unticked it when you come back.

    WolfShade
    WolfShadeAuthor
    Legend
    March 6, 2015

    Okay.. so that means that the accounts of users who use a public computer (like at a library) will forever be vulnerable to ruin (or until the computer is wiped) if the user doesn't uncheck the box before logging on.  That's just as bad as being vulnerable unless/until the cache/cookies are cleared from the browser, if not worse.

    Little_Pale_Face
    Little_Pale_Face
    Inspiring
    March 6, 2015

    Hi,

    If I'm on a public computer, I tend to clear the browsing history when I have finished. Are you saying that the username/password info isn't cleared by that?

    Since I spend most time at home, I think I would hate to have to keep checking that box.

    Brian

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices