forum system handling of "stay logged in"

  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.
  • Larger Font Styles
    Guest:

    Just a quick heads-up that I've implemented larger font variants of our forum's light and dark page styles. You can select the style of your choice by scrolling to the footer of any page here. This might be more comfortable (it is for me) for those with high-resolution displays where the standard fonts, while permitting a lot of text to fit on the screen, might be uncomfortably small.

    (You can permanently dismiss this notification with the “X” at the upper right.)

    /Steve.

rfrazier

Well-known member
Sep 30, 2020
101
36
I just noticed that, when I log into the forum, the "stay logged in" check box is on by default.

Since this is a Security Now forum, it seems to me that this box should be OFF by default, since it weakens security.

Wink. Wink.

Ron
 

Steve

(as in GRC)
Staff member
Feb 1, 2019
195
481
65
Southern CA, USA
www.grc.com
I take your point, Ron. But all of the content here is publicly viewable by anyone (or any bot) who is not logged in. The only danger I can see from supporting persistent logon (which is a HUGE convenience) is that someone might post in someone's stead, spoofing their ID. The danger imposed by that seems minimal.
 

rfrazier

Well-known member
Sep 30, 2020
101
36
I see your point as well. I guess it could go either way. I just always uncheck that box wherever I see it. I guess I might feel differently if the website times out and kicks me off. If I'm in YouTube, for example, it still stays logged in until I reboot or restart the browser or clear cookies.

:cool: Thanks for the reply.

Ron
 

danlock

Worthless member
Sep 30, 2020
69
20
I was thinking that the fact that the forums and their messages are on grc.com makes them more secure than most, but I can see the potential issue presented if a user logs in using a public computer without unchecking the persistent login box. Fortunately for me, my computers and I live alone and separate from the rest of the world.