Saturday, August 20, 2016

usability - Remember Me in an enterprise application: What to remember?


I've just finished a well-thought-out login validation mechanism and have asked myself the following question several times:



What does the user expect when he checks the Remember me checkbox in an enterprise application?




So, should I store only the username or the password alongside it, so the user gets logged in right away when he starts up the application? Or should I simply save the username and have the user re-enter the password all the time?


I'm not asking whether or how to save the remembered password, that'd be a question for security.stackexchange.com and not ux.


This application (not necessarily mine) is used daily at a high frequency, so also remembering the password would be a good idea. But would it? Or wouldn't it? What does the user expect?


I've also considered implementing some kind of expiring-algorithm, but I do not fancy that so I'm now asking the experts: You!



Answer



This is mostly a security question; however, traditionally the "Remember Me" checkbox places a session cookie in the user's browser so as to "automatically" log the user in. Making the checkbox "remember" the user's username/password is a feature best left to the browser and could be unintuitive for users accustomed to the normal behavior.


I would go with the normal route of creating a session cookie - like you said, you can have this cookie expire to increase the security of the method. There is likely a very standard way of doing this depending on the technologies you are using to host/run your website.


Edit: Sullivan also has the good suggestion of naming this feature more properly (i.e., "Stay signed in").
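
The expiring cookie approach from the answer, as an added example that is not part of the original post: the cookie carries a random token instead of the username or password, the server keeps only a hash of it, and the token expires and is rotated on every use. The 14-day lifetime, the cookie name `remember_me`, the in-memory store and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

REMEMBER_TTL = 14 * 24 * 3600   # assumed lifetime: 14 days
_store = {}  # selector -> (validator_hash, user, expires_at); stands in for a DB table


def issue_token(user, now=None):
    """Create a remember-me cookie value; only a hash of the secret half is stored."""
    now = time.time() if now is None else now
    selector = secrets.token_urlsafe(12)    # lookup key, not secret
    validator = secrets.token_urlsafe(32)   # secret half, never stored in the clear
    digest = hashlib.sha256(validator.encode()).hexdigest()
    _store[selector] = (digest, user, now + REMEMBER_TTL)
    return f"{selector}:{validator}"


def redeem_token(cookie, now=None):
    """Return (user, new_cookie) for a valid token, else (None, None)."""
    now = time.time() if now is None else now
    selector, sep, validator = cookie.partition(":")
    # pop() makes every token single-use and fails closed: a wrong or
    # expired presentation also deletes the stored record.
    record = _store.pop(selector, None)
    if not sep or record is None:
        return None, None
    digest, user, expires_at = record
    presented = hashlib.sha256(validator.encode()).hexdigest()
    if now >= expires_at or not hmac.compare_digest(presented, digest):
        return None, None
    return user, issue_token(user, now)     # rotate on every successful use


def cookie_header(value):
    """Set-Cookie header with the expiry and flags a remember-me cookie should carry."""
    return (f"Set-Cookie: remember_me={value}; Max-Age={REMEMBER_TTL}; "
            "Path=/; Secure; HttpOnly; SameSite=Lax")
```

Unchecking the box or signing out should delete the stored record as well as the cookie, so a copied cookie stops working.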

