From what I have noticed, there is very few services that offer the Remember Ema

Question

From what I have noticed, there is very few services that offer the Remember Email over Remember Me or Sign-in Automatically.

These options really do make the life easier for the end-user of applications. I strongly think that Remember Email would be way better with making the user input their password into the password field. Also, it would boost security with doing it that method (e.g. CreditKarma as an example).

Would it be more secure if we do Remember Email and make our users put in their passwords each time they have to login to systems?

Explanation / Answer

I can explain this to you by taking few examples

First is that you have allowed "keep me signed in" on your website, so there are chances of unauthorized access if the user computer gets hijacked or is in hands of an unauthorized person. A malicious person will be able to get every information residing on the account. However, there are least chances that the the person will be able to do any malicious activity such doing a transaction or changing the password and or email. These require an user to enter the current password.

Second case is that you have enabled 'Remember Email.' The user is comparatively more secure than in the previous case, chances are low that there will be an unauthorized access to the account. However, there is one little possibility of losing the account if there is any malware or say keylogger residing on the computer. The user will lose the control over the account, but it happens mostly in the case of targeted attacks.

In my opinion allowing 'Remember Email' is a better option than allowing 'Keep me Signed In.'

Related Questions

Navigate

• Browse (All)
• Browse F
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.