none
"Remember Login info" feature for account management ?! RRS feed

  • Question

  • months ago, I created my first account management program , capable of registering users with some basic info like names , email ... , and editing account info later after logging in.

    My program saves each user's info  as a record in an access database, passwords are stored hashed and salted.

    I want to add a checkbox to my login form , something  like "Remember Login Info" , so that when a user enters his account info for the first time  and successfully logs in , for the next time ,  my program doesn't want him to reenter his password.

    Well,  this should be only available if the same username is entered  . If username changes , user must enter password manually.

    Security of program is at center of attention , then my users' ease.

    What approach do u suggest ? Where and how should I securely  store the last successful login info ?



    Sunday, October 21, 2018 10:52 PM

Answers

  • IMHO if the user name or password changes there needs to be a reset. The reset would remove the user or the user password so when the user enters the new user name or password they are prompted. The reset could be something as simple as them emailing (have an option in the app to do this along with then the app is installed a readme file with information about handling changing name and/or password) the admin then the admin would remove the user or clear the password. So the missing part here is the communication to the admin and the admin tool to perform the appropriate actions.

    Many web apps for instance use this strategy and Microsoft Azure permits it (but discourages keeping someone indefinitely logged in).

    Windows Active Directory has similar capabilities but is done by time period for small to large organizations.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    • Marked as answer by Kevin993 Monday, October 22, 2018 8:07 AM
    Monday, October 22, 2018 1:34 AM
    Moderator

All replies

  • Hi

    If I understand your question correctly.

    Although you say that security is most important, it seems to me that opening the program up where anyone could type in someone else's name and gain access wouldn't be the best move. After all,the whole point of UserName/Password is to verify a user correctly.


    Regards Les, Livingston, Scotland

    Sunday, October 21, 2018 11:20 PM
  • IMHO if the user name or password changes there needs to be a reset. The reset would remove the user or the user password so when the user enters the new user name or password they are prompted. The reset could be something as simple as them emailing (have an option in the app to do this along with then the app is installed a readme file with information about handling changing name and/or password) the admin then the admin would remove the user or clear the password. So the missing part here is the communication to the admin and the admin tool to perform the appropriate actions.

    Many web apps for instance use this strategy and Microsoft Azure permits it (but discourages keeping someone indefinitely logged in).

    Windows Active Directory has similar capabilities but is done by time period for small to large organizations.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator
    profile for Karen Payne on Stack Exchange, a network of free, community-driven Q&A sites

    • Marked as answer by Kevin993 Monday, October 22, 2018 8:07 AM
    Monday, October 22, 2018 1:34 AM
    Moderator