"Stay logged on" checkbox is ALWAYS CHECKED - this is a security issue

Report · Mar 06, 2015

Could Adobe please change the code for the login screen so that the "Stay logged on" checkbox isn't always checked (on)?

It doesn't matter if cookies are enabled, or not, it never remembers my desire to NOT BE AUTOMATICALLY LOGGED ON WHEN I VISIT.

Cookies aside, this checkbox should never be automatically checked unless the user has expressly decided for it to be so.

Anyone using a public computer may not remember to uncheck that checkbox; or may not even see it, if the user is in a hurry. This leaves that user's Adobe account VULNERABLE to anyone who uses that computer after the user is done. Not just for that hour, or day, but for as long as the cache and cookies are not cleared. How many accounts have to be ruined (password changed; vulgar/profanity-laced posts; etc.) before Adobe will take this seriously?

On top of that, I'm sick and tired of having to remember to uncheck that stupid checkbox before typing my password (it always remembers login name - another potential security vulnerability) to log on.

Stop thinking that you know what's best for everyone in the whole world, Adobe. That's a very ugly attitude.

Disrespectfully,

^_^

Report · Mar 06, 2015

If you untick the box then the site doesn't set a persistent cookie, so it cannot know that you've previously unticked it when you come back.

Report · Mar 06, 2015

Okay.. so that means that the accounts of users who use a public computer (like at a library) will forever be vulnerable to ruin (or until the computer is wiped) if the user doesn't uncheck the box before logging on. That's just as bad as being vulnerable unless/until the cache/cookies are cleared from the browser, if not worse.

Report · Mar 06, 2015

Hi,

If I'm on a public computer, I tend to clear the browsing history when I have finished. Are you saying that the username/password info isn't cleared by that?

Since I spend most time at home, I think I would hate to have to keep checking that box.

Brian

Report · Mar 07, 2015

@Little_Pale_Face, clearing the browsing history on a public computer does NOT clear the login session. If you use a public computer to access Adobe forums and just close the browser without logging off and without clearing the "Stay logged on" checkbox, and if someone else after you were to enter "https://forums.adobe.com" on that same computer and using the same browser, they won't get a login prompt; they will automatically log on to your account.

@pwillener I've never had that problem as long as the browser is not closed and as long as lack of activity doesn't exceed 10 minutes, even after clearing the "Stay logged on" checkbox.

^_^

Report · Mar 08, 2015

Hi,

Thanks for the clarification. I don't think that I would even think about not logging off on a public computer. Does that mean I should be OK leaving the "stay logged in" box checked?

When I'm at home, I log out of all my online accounts, as I use them, except my Adobe account and my computer is protected by a finger print reader.

Brian

Report · Mar 08, 2015

On a public computer, after logging off you would also need to delete all cookies for adobe.com (and, depending what you do, also acrobat.com).

Report · Mar 08, 2015

Thanks,

Isn't that part of clearing the browser history which I said I would be doing?

Brian

Report · Mar 08, 2015

That depends on the browser (also browser version). I remember some time ago in Firefox you had to clear history and cookies separately; now in the current version it can be done at once (if Cookies is checked in the Details list).

Not sure about other browsers, but I think it's important to make sure that cookies are deleted (more so than the cache & browser/download history).

Report · Mar 09, 2015

Many thanks.

I think that I may have been sidetracked with all the talk on security. I have just realised that I would rarely us a public PC to access my Adobe account so I don't think I need worry too much there. What use I do make of public PC is normally anonymous anyway - like searching for information.

Brian

Report · Mar 06, 2015

There is also another problem with this in the current Jive software: if you do not check "stay logged in", you may get logged out from the forums every few minutes or so.

Report · May 07, 2015

And to make this even MORE cringe-worthy, I just discovered that if you uncheck the 'remember me' box and enter an incorrect login or password, then the form clears the password input AND RE-CHECKS THE 'REMEMBER ME' BOX!!!!!

Damnit!

Report · May 08, 2015

Until you successfully log in there's no session, so it's impossible to store your preferences for being remembered! It's simply defaulting each time the page loads.

Report · May 15, 2015

Which is precisely what the point of this thread has been from the beginning. It should NOT be defaulted to on. It should be defaulted to OFF. It will still give the user the option of being remembered without forcing us to uncheck it every time.

^_^

Adobe Community

"Stay logged on" checkbox is ALWAYS CHECKED - this is a security issue