Hacker News new | past | comments | ask | show | jobs | submit login

My company is planning to roll out a new login form with a "don't remember me" checkbox. The guy who implemented is standing by it because that's what the mockup showed, and the designer essentially covers his ears and shouts LA LA LA LA when you try to address it with him.

So yeah, I expect some fun comments when that eventually rolls out.




This default is only going to create security risks as users login on public-facing devices, like a library or device they don't own.

I hope you don't make PII or transactions available inside your app, otherwise I would urge escalating this issue internally.


I'm probably in the minority, but I just expect web sessions to persist regardless of what checkboxes I check. If I have to login to anything on a computer that isn't mine, I just open a private session (usually incognito in Chrome).


Maybe you should (delete your comment and then) send them this thread




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: