I've been thinking about this quite a bit lately, and I would like some feedback from this wonderful community. Is it safe to assume that a user wants to be remembered when they login? And if they are using a public computer, is it safe to assume that they are smart enough to logout before leaving?
+10
A:
I don't really think it's safe to assume anything about the end-user.
Plus, it's easier for a user to just close the browser rather than to log out of every website, so providing a remember me checkbox defaulted to false is user friendly and less hassle for them over-all.
Shahin
2009-09-18 00:52:00
+4
A:
No. Never assume that your users will do things that you want them to do if you don't explicitly tell them (i.e. force them) to do so.
The "Remember me" checkbox is an excellent example of how ignorant users can be - even when the checkbox is there, the fact that users are kept logged on on public computers is a problem. It won't help if you start assuming...
Tomas Lycken
2009-09-18 00:53:20
+4
A:
No, it is best to assume nothing, especially something like remembering the user.
What if they are at a friend's house or on a public computer and forget to log out?
Dana Holt
2009-09-18 00:54:08
+7
A:
No. In this age of too-little privacy, any potential hole for a breach should be closed. Sites should be getting more secure, not less.
Ben M
2009-09-18 00:54:08
A:
If your website is not security-relevant (that is: You're not a bank, medical or insurance company), then I would reverse the checkbox. Make "Remember me" the default and have a checkbox "This us a public computer, do not store my password". That would be my wish as a user, as I hate "Remember me" checkboxes, also because they don't work most of the time.
Michael Stum
2009-09-18 00:54:48
+1
A:
Now that most browsers can remember passwords anyway, there's little point in setting a remember-me cookie as well, so you can get rid of that option. Then users can no longer complain if they clear their cookies and then wonder why your site doesn't know them from Adam...
However, do not assume the user will log out. They don't, and with tabbed browsing, your session cookie could stick around for a very long time - maybe several days if they keep using hibernate/sleep mode and only restart their browser when it crashes. Therefore you need to set a reasonable inactivity timeout and require them to log back in once it expires.
Terry Johnson
2009-09-18 01:02:36
With browsers' "remember password" functionality, users still have to go to the login page, possibly select their user name from the list of remembered user names (then the password will be filled automatically), then click the Log In button, then go to the page in the site that they want. Sites' "Remember me" functionality shortcuts all of this -- users simply go straight to the page they want and are automatically logged in. "Remember me" is still useful.
Bennett McElwee
2010-04-29 21:56:13
A:
Is it safe to assume that a user wants to be remembered when they login?
I would say that yes, in 80% of the cases (total guess on my part), the person connecting to your website is not through a public computer, and they would rather not have to retype their information every time they come to the website.
And if they are using a public computer, is it safe to assume that they are smart enough to logout before leaving?
No, that's not safe to assume. And smartness isn't even the proper term - it's more a question of remembering or even being aware I would say.
So I say go the safe route. Provide a "Remember me" checkbox, and leave it unchecked by default. People are used to this scenario. It's not that big a deal and it's much less likely to cause you trouble than checking it by default, or even worse not providing it and doing it silently.
JRL
2009-09-18 01:14:47
+1
A:
No. Don't forget the old phrase:
When you make an assumption, you make an "ass" out of "u" and "mption".
MusiGenesis
2009-09-18 01:34:34
A:
I think it should be there on non-vital sites, but never checked by default and never automatically assumed to be wanted. If people don't want to remember their logins or retype them, let the browser's password manager or whatever deal with it, not the site. Users generally don't logout - to many, just closing the browser counts.
CodeByMoonlight
2009-09-18 01:46:52