| Topic: Autologin and passwords...  | |
|---|---|
| Author | Thread | 
| Paranoid (IV) Inmate From: Mexico |    posted 09-15-2004 01:02     I just noticed that the password when the site automatically "logs in" is located in the password input  in a very accesible way. It may be just a bit of paranoia, but I certainly wouldn't want my password to be located in such an easy way. | 
| Paranoid (IV) Mad Scientist with Finglongers From: Germany |    posted 09-15-2004 09:03     or install a keylogger. | 
| Maniac (V) Mad Scientist From: :morF |    posted 10-16-2004 02:27     well, for the system to be able to put your password automatically into the password field it has to be either stored in your cookie or as in a reversible encryption in the database, right? Doesn't this make it a hell of a lot less secure (and more likely to be intercepted) than if once it registered your session it simply didn't have the fields appear and just continued with the previous session? | 
| Paranoid (IV) Mad Scientist with Finglongers From: Germany |    posted 10-16-2004 13:30     it just doesn't matter. Having a session key would give the hypothetical 'in-front-of-your-machine' attacker excat the same amount of leverage that your password does. | 
| Maniac (V) Inmate From: under the bed |    posted 10-16-2004 18:33     | 
| Maniac (V) Mad Scientist From: :morF |    posted 10-17-2004 06:46     True points all. | 
| Obsessive-Compulsive (I) Inmate From: Around |    posted 06-26-2005 23:46     Well whenever I posted I received a information that I had either a wrong user name or wrong password so everytime I muss give my password - I find it quite funny | 
| Nervous Wreck (II) Inmate From: TucsonWhere am I |    posted 07-11-2005 02:03     How do you log out? | 
| Maniac (V) Inmate From: under the bed |    posted 07-11-2005 04:25     You are not logged in. | 
| Maniac (V) Inmate From: zero divided. |    posted 07-11-2005 22:36     In like Flynn, you only 'log in' when you post, and only for the purpose of asserting your identity for the post.  If you click 'Forget about me' below your password (and if paranoid, clear passwords and form data) then you will no longer see your username and password in the post box. | 
| Obsessive-Compulsive (I) Inmate From: Detroit, Michigan |    posted 08-03-2005 15:13     Interesting... | 
| Nervous Wreck (II) Inmate From: Around |    posted 08-04-2005 00:39     Are you satisfied now? - dont worry be happy |