IET
Decrease font size
Increase font size
Topic Title: Website login - minor annoyance
Topic Summary:
Created On: 19 August 2010 11:24 AM
Status: Read Only
Linear : Threading : Single : Branch
Search Topic Search Topic
Topic Tools Topic Tools
View similar topics View similar topics
View topic in raw text format. Print this topic.
 19 August 2010 11:24 AM
User is offline View Users Profile Print this message



padkins

Posts: 41
Joined: 11 September 2001

The website login at the top of the Home Page has a "Remember me" checkbox, which is checked by default.

For improved security, this should be unchecked by default. I often log in when I am out and about and not using my own computer, and I have to uncheck this each time I log in, but one day I might forget.

Since the login provides access to personal details, security is important. Please could you ask the website admin to make this small change,

Regards Paul Adkins (M21996787)

-------------------------
padkins
 20 August 2010 02:21 PM
User is offline View Users Profile Print this message


Avatar for rossall.
rossall

Posts: 1048
Joined: 06 August 2001

Thanks for your feedback. We changed the default on this recently, and we'd like to hear from others with their views.

We encourage members and others to log in to the site when visiting, because you get smooth access to the various services, as well of course as being able to post in these forums. Members are recognised in the shop and given automatic discounts on books, get access to Career Manager and the library's range of e-books, and so on.

Obviously, as with any other site, you should not use Remember Me when on a public computer. To provide a further level of protection, when you go to the more sensitive pages in My IET and are relying on Remember Me, we ask you to log in again.

Regards

-------------------------
David Rossall
The Institution of Engineering and Technology
 20 August 2010 02:26 PM
User is offline View Users Profile Print this message


Avatar for keithgparr.
keithgparr

Posts: 710
Joined: 07 May 2002

I undersand the security issues - although they are not in the same league as bank account access and so on.

I'm a faily heavy user of the IET site and almost always access it from my own machine, I am therefore happy that remember me is on by default (in fact I complain to David when remember me forgets me <smile>. OTOH for people who access the site from public computers I can see they might prefer the option to be off by default.

Perhaps it comes down to the relative proportion of people who access the site primarily from public computers?

Keith

-------------------------
Keith Parr
Council 2006-10
Consultants' Professional Network - 2009
Benelux LN - 2009
http://keithparr.tel/
 20 August 2010 02:55 PM
User is offline View Users Profile Print this message


Avatar for bpsbrooks.
bpsbrooks

Posts: 348
Joined: 09 June 2002

I, too, prefer the "remember me" to be on by default.

Those who use public machines will need to be rigourous in their personal security anyway, and I suspect that the majority of users do so on their own machines and would prefer the least hindrance to gain entry to secure areas of the site.

On a separate but related issue, it would help (me) to know when I am inside the secure area of the site. Despite logging in, there is no indication whether the various pages (particularly the wide range of DF pages) are public or not.

-------------------------
Barry Brooks
CEng FIET
President (2013-14)
Twitter: @ietpresident
Skype: barrybrooks
 20 August 2010 04:25 PM
User is offline View Users Profile Print this message


Avatar for hamishbell.
hamishbell

Posts: 288
Joined: 11 September 2001

Yes, always on is good! I also agree with Barry about indicating which areas are secure/ confidential; I subscribe to messages being delivered to me rather than having to check the forims individually and all messages come from "webmasteretc". There is no immediate recognition which of them might be public and which are not.

Otherwise - great service!
Regards
Hamish

-------------------------
Hamish V Bell, BSc, CEng, FIET, FCQI, CQP
2013 - 2016 Elected Council Member
2007 - 2010, Vice President and Trustee
 20 August 2010 05:03 PM
User is offline View Users Profile Print this message



mbirdi

Posts: 1907
Joined: 13 June 2005

There is also the added problem that if a member closes their browser instead of clicking the logout button, the next time the browser is started and anyone types www.theiet.org, the IET home page appears as being already logged in with the previous member's credentials.

Members need to remember to use the logout button before closing their browser.
 20 August 2010 07:04 PM
User is offline View Users Profile Print this message


Avatar for rossall.
rossall

Posts: 1048
Joined: 06 August 2001

mbirdi - we would definitely recommend, on a shared or public machine, that you uncheck the Remember Me box before logging in. This will mean that you are not logged in when the browser is restarted by another user, even if you do not log out explicitly. This advice applies to all sites with Remember Me functions, and not just the IET.

Barry and Hamish, interesting point about the secure areas. When you browse the forums, secure categories are marked with a padlock on the icon in the list of categories. We also normally include the word "private" in the description of the category.

However, obviously, if you follow a link in an email and go straight to a message, you bypass the category listing, and I can understand that this may mean that you have to think about whether or not you are replying to a public thread. Board/Committee categories are normally private, so if the forum breadcrumb trail below the Private Messages icon indicates that you are in one of your committee areas, that should help.

We don't mark all secure pages in a single way, but there is a range of possible implications for "secure". Some are secured, but for all IET members, and others only for those in a particular volunteering role. The description on the page may well state the audience and whether it is private.

If there is a particular page that could be clearer, please let me know by PM.

-------------------------
David Rossall
The Institution of Engineering and Technology
 20 August 2010 08:15 PM
User is offline View Users Profile Print this message


Avatar for bpsbrooks.
bpsbrooks

Posts: 348
Joined: 09 June 2002

Thanks David - sorry to catch you at the start to the weekend!

As you say, entering via a link in another email, such as the alerts to DF comments, means that there is no indication at all as to what level of privacy applies. Ideally, I suggest, each page should have some clearly visible indicator as to whether the thread is secure (ie members only) or public (ie readable and searchable by the general public). If those threads open to particular sub-groups, such as individual Board or Committee secure areas, also indicated the sub-groups who can see them, that would also be more reassuring.

At the moment, there is no indication as to who can see what we write.

-------------------------
Barry Brooks
CEng FIET
President (2013-14)
Twitter: @ietpresident
Skype: barrybrooks
 23 August 2010 12:19 PM
User is offline View Users Profile Print this message



padkins

Posts: 41
Joined: 11 September 2001

Thanks David, but I'm not sure I fully understand this.

If the default was not checked, then those who are comfortable with the lack of security would only have to check the box once and the system would remember for all future logins - at least until the user clears cookies.

With the default as checked, those of us who want the security have to clear the box every time we log in.

Not an equitable solution I suggest, nor is it safety-first!

Paul.

-------------------------
padkins
 24 August 2010 02:55 AM
User is offline View Users Profile Print this message


Avatar for sfchew.
sfchew

Posts: 589
Joined: 10 December 2002

In view of security concern it is becoming common for most sites to be automatically logged out. Individually you can select to have the password remembered on your computer so that it is faster for you to log in again.

Regards
Chris Chew
Statistics

See Also:



FuseTalk Standard Edition v3.2 - © 1999-2014 FuseTalk Inc. All rights reserved.