Highlighted

"Stay logged on" checkbox is ALWAYS CHECKED - this is a security issue

LEGEND ,
Mar 06, 2015

Copy link to clipboard

Copied

Could Adobe please change the code for the login screen so that the "Stay logged on" checkbox isn't always checked (on)? 

It doesn't matter if cookies are enabled, or not, it never remembers my desire to NOT BE AUTOMATICALLY LOGGED ON WHEN I VISIT.

Cookies aside, this checkbox should never be automatically checked unless the user has expressly decided for it to be so.

Anyone using a public computer may not remember to uncheck that checkbox; or may not even see it, if the user is in a hurry.  This leaves that user's Adobe account VULNERABLE to anyone who uses that computer after the user is done.  Not just for that hour, or day, but for as long as the cache and cookies are not cleared.  How many accounts have to be ruined (password changed; vulgar/profanity-laced posts; etc.) before Adobe will take this seriously?

On top of that, I'm sick and tired of having to remember to uncheck that stupid checkbox before typing my password (it always remembers login name - another potential security vulnerability) to log on.

Stop thinking that you know what's best for everyone in the whole world, Adobe.  That's a very ugly attitude.

Disrespectfully,

^_^

Views

786

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

"Stay logged on" checkbox is ALWAYS CHECKED - this is a security issue

LEGEND ,
Mar 06, 2015

Copy link to clipboard

Copied

Could Adobe please change the code for the login screen so that the "Stay logged on" checkbox isn't always checked (on)? 

It doesn't matter if cookies are enabled, or not, it never remembers my desire to NOT BE AUTOMATICALLY LOGGED ON WHEN I VISIT.

Cookies aside, this checkbox should never be automatically checked unless the user has expressly decided for it to be so.

Anyone using a public computer may not remember to uncheck that checkbox; or may not even see it, if the user is in a hurry.  This leaves that user's Adobe account VULNERABLE to anyone who uses that computer after the user is done.  Not just for that hour, or day, but for as long as the cache and cookies are not cleared.  How many accounts have to be ruined (password changed; vulgar/profanity-laced posts; etc.) before Adobe will take this seriously?

On top of that, I'm sick and tired of having to remember to uncheck that stupid checkbox before typing my password (it always remembers login name - another potential security vulnerability) to log on.

Stop thinking that you know what's best for everyone in the whole world, Adobe.  That's a very ugly attitude.

Disrespectfully,

^_^

Views

787

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Mar 06, 2015 0
Most Valuable Participant ,
Mar 06, 2015

Copy link to clipboard

Copied

If you untick the box then the site doesn't set a persistent cookie, so it cannot know that you've previously unticked it when you come back.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 06, 2015 0
LEGEND ,
Mar 06, 2015

Copy link to clipboard

Copied

Okay.. so that means that the accounts of users who use a public computer (like at a library) will forever be vulnerable to ruin (or until the computer is wiped) if the user doesn't uncheck the box before logging on.  That's just as bad as being vulnerable unless/until the cache/cookies are cleared from the browser, if not worse.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 06, 2015 0
Most Valuable Participant ,
Mar 06, 2015

Copy link to clipboard

Copied

Hi,

If I'm on a public computer, I tend to clear the browsing history when I have finished. Are you saying that the username/password info isn't cleared by that?

Since I spend most time at home, I think I would hate to have to keep checking that box.

Brian

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 06, 2015 0
LEGEND ,
Mar 07, 2015

Copy link to clipboard

Copied

@Little_Pale_Face, clearing the browsing history on a public computer does NOT clear the login session.  If you use a public computer to access Adobe forums and just close the browser without logging off and without clearing the "Stay logged on" checkbox, and if someone else after you were to enter "https://forums.adobe.com" on that same computer and using the same browser, they won't get a login prompt; they will automatically log on to your account.

@pwillener I've never had that problem as long as the browser is not closed and as long as lack of activity doesn't exceed 10 minutes, even after clearing the "Stay logged on" checkbox.

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 07, 2015 0
Most Valuable Participant ,
Mar 08, 2015

Copy link to clipboard

Copied

Hi,

Thanks for the clarification. I don't think that I would even think about not logging off on a public computer. Does that mean I should be OK leaving the "stay  logged in" box checked?

When I'm at home, I log out of all my online accounts, as I use them, except my Adobe account and my computer is protected by a finger print reader.

Brian

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 08, 2015 0
LEGEND ,
Mar 08, 2015

Copy link to clipboard

Copied

On a public computer, after logging off you would also need to delete all cookies for adobe.com (and, depending what you do, also acrobat.com).

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 08, 2015 0
Most Valuable Participant ,
Mar 08, 2015

Copy link to clipboard

Copied

Thanks,

Isn't that part of clearing the browser history which I said I would be doing?

Brian

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 08, 2015 0
LEGEND ,
Mar 08, 2015

Copy link to clipboard

Copied

That depends on the browser (also browser version).  I remember some time ago in Firefox you had to clear history and cookies separately; now in the current version it can be done at once (if Cookies is checked in the Details list).

Not sure about other browsers, but I think it's important to make sure that cookies are deleted (more so than the cache & browser/download history).

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 08, 2015 0
Most Valuable Participant ,
Mar 09, 2015

Copy link to clipboard

Copied

Many thanks.

I think that I may have been sidetracked with all the talk on security. I have just realised that I would rarely us a public PC to access my Adobe account so I don't think I need worry too much there. What use I do make of public PC is normally anonymous anyway - like searching for information.

Brian

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 09, 2015 0
LEGEND ,
Mar 06, 2015

Copy link to clipboard

Copied

There is also another problem with this in the current Jive software: if you do not check "stay logged in", you may get logged out from the forums every few minutes or so.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 06, 2015 1
LEGEND ,
May 07, 2015

Copy link to clipboard

Copied

And to make this even MORE cringe-worthy, I just discovered that if you uncheck the 'remember me' box and enter an incorrect login or password, then the form clears the password input AND RE-CHECKS THE 'REMEMBER ME' BOX!!!!!

Damnit!

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 07, 2015 0
Most Valuable Participant ,
May 08, 2015

Copy link to clipboard

Copied

Until you successfully log in there's no session, so it's impossible to store your preferences for being remembered! It's simply defaulting each time the page loads.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 08, 2015 0
LEGEND ,
May 15, 2015

Copy link to clipboard

Copied

Which is precisely what the point of this thread has been from the beginning.  It should NOT be defaulted to on.  It should be defaulted to OFF.  It will still give the user the option of being remembered without forcing us to uncheck it every time.

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
May 15, 2015 0