Minor Gripes You'd Like To See Changed or Fixed: A Thread

**tdb** · 12-05-2020 06:54 PM

Originally Posted by RitsukoSonoda

Issue is numerous people have proven repeatedly all over the internet that they aren't qualified to make that choice. As such in the case of SE they decided not to give that choice to avoid issues later.

It's actually possible to lock the autologin down pretty tight, so it works only from that particular IP address and doesn't reveal your password. An attacker would basically have to get access to your computer to be able to use it (there are some other, mostly theoretical possibilities which require the attacker to be in a high enough position in a specific organization - and they'd still need some sort of access to your computer to steal the autologin token). Now, gaining remote access to someone's computer is not unheard of - there's a whole category of scammers who try to trick you into allowing them access on the pretense of providing technical support to some made-up problem. As well as various malware. But if you fall for a scam like that then you're vulnerable to a good old phishing attack as well.

**RitsukoSonoda** · 12-06-2020 09:22 AM

Originally Posted by tdb

It's actually possible to lock the autologin down pretty tight, so it works only from that particular IP address and doesn't reveal your password. An attacker would basically have to get access to your computer to be able to use it (there are some other, mostly theoretical possibilities which require the attacker to be in a high enough position in a specific organization - and they'd still need some sort of access to your computer to steal the autologin token). Now, gaining remote access to someone's computer is not unheard of - there's a whole category of scammers who try to trick you into allowing them access on the pretense of providing technical support to some made-up problem. As well as various malware. But if you fall for a scam like that then you're vulnerable to a good old phishing attack as well.

Honestly a very miniscule amount of account takeovers or unauthorized accesses are a result of actual hacking or malicious programs. The primary driving cause is usually human error or just natural stupidity and lack of common sense. Since people can't just go to a facility and install a better brain or more memory in themselves we aren't allowed to have nice things.

**tdb** · 12-08-2020 12:06 AM

Originally Posted by RitsukoSonoda

Honestly a very miniscule amount of account takeovers or unauthorized accesses are a result of actual hacking or malicious programs. The primary driving cause is usually human error or just natural stupidity and lack of common sense. Since people can't just go to a facility and install a better brain or more memory in themselves we aren't allowed to have nice things.

Indeed. For people who have at least half a clue autologin (or persistent session for websites) might actually be more secure. If something pretending to be the game or website is asking for credentials when it should have logged in automatically, it should raise some flags and prompt for checking extra carefully who is requesting the information. But of course most people don't do that and will give the scammer their password.

Thread: Minor Gripes You'd Like To See Changed or Fixed: A Thread

Thread Tools

Search Thread

Display

Hybrid View

Tags for this Thread