Remember Me on this Web SIte

It's a pain to have to look up my pwd all the time.

What's more the site, won't even let IE remember my username.

Not good.

Well you can always write a cookie which remembers the username and password, but by doing so there are some safety issues you should consider....

You simply can not expect that a user always visit your site from behind his own computer, neither can you expect that a user is the only user on that particular machine.

Leaving cookies with the password, even encrypted is generally a bad idea. Also, permitting the browser to remember the password is also dangerous and it could seriously compremise the safety of your site.

Why? Well take a look around on the internet, lots of software to crack (even encrypted) cookies etc. etc. So if you have a cookie tool beware that nothing is safe. Leaving the option open that a browser can remember passwords could be easy for the user, but you can't expect that every user of your site is aware of safety issues.... As a web designer you are responsible for that safety issues, protecting peoples privacy and money in case you have a webshop etc.

Geetings,

Could the system identify the returning user's IP address? Since IP addresses are unique, Once authenticated, the system could allow a user to login automatically by associating that user's login (stored via a cookie) with an IP Address (made evident via a JavaScript call?). Just a theory - not sure if this is practical or even a valid solution.

Theoretically this is possible by checking the requestheader. But it might not always work. The information may not always be meaningful due to network address translation (NAT). Depending on how clients connect to the internet, multiple clients may share the same IP address (that of a gateway computer). The IP address may also change over the course of several request. (This can strongly relate to the provider system or maintenance etc. etc.)

But it also does not eleminate the problem that you can't know if the machine isn't used by other persons.


Using cookies requires a certain strateqy. For instance, if you run a webshop, you can make it possible that a user is verified by a cookie and, have some special settings loaded, can look at his wishlist etc. etc. But when the user makes a request to change his profile, wants to make a transaction etc. etc. he or she must always use his password. This is a compremise you make between a user friendly website and a safe website. You keep sensitive data protected with a password protocol while less sensitive data/settings are automatically implied through the use of cookies.

blah blah blah. this is WebAssist not Fort Knox.

Even my bank accounts are easier to work with then this site.

This issue has actually been covered in other posts. Webassist takes credit cards online, and thus has to be PCI compliant. Their merchant bank not only requires pci compliance, but many have stiffer security requirements to keep their merchant rates low.

As for being more difficult than your bank, perhaps they are behind the times a bit. Many banks, when entering a password require you to recognize an image, or logo as belonging to your accoung, and click in your password on a randomly changing keypad (ie keys that change position each time you reload the page) to prevent keyloggers from capturing your password.

While I agree it is a hassle to have to type in my password each time I visit, it seems a small price to pay for the added secutity.

Tom

Originally Said By: tom250037

  While I agree it is a hassle to have to type in my password each time I visit, it seems a small price to pay for the added secutity.
Tom  

I suppose I'm getting idle in my old age, I use Roboform Password Manager to login - one click and 'bingo', I'm into WebAssist and the forum!!

Originally Said By: ccooper309155

  blah blah blah. this is WebAssist not Fort Knox.

Even my bank accounts are easier to work with then this site.  

Excuse me for for putting up a long story but most people are not aware of safety issues considering internet and making payments. And also excuse me for trying to share some experience on a developer website where people are building web shops etc. If I would go to a customer and say "this is all blah blah blah" our team would be out of business.

Internet fraud is the biggest enemy of commercial sites, if your protection fails and customers get ripped your out of business.

One good advice, go to another bank or keep your money in a safe ;)