"Remember me" vs Security
Have you ever wondered why LinkedIn prompts you for your password although you're already logged in and have checked your network updates? It's for security reasons. You'll find the same happening on Amazon, Expedia, etc. You open the website, you're automatically logged in, but then out of the blue, you have to enter your password. Small Improvements is now doing the same. Read and learn!
While passwords ensure that only the right person can access your account, typically you don't want to enter a password all the time. That's why most web applications have the little "remember me" feature turned on when you log in. Your browser will remember that you logged in, and the next day when you open the application, you're getting logged in automatically. That's why most web applications only grant so much access to people who have logged in via the "remember me" cookie. For instance on LinkedIn, you may read messages immediately, but in order to write messages or connect with new people, you will have to enter the password to confirm that this is really, really you.
In Small Improvements, we've built a similar feature. You can still use the remember-me feature to access Small Improvements content conveniently, so you can view your performance review, provide 360-degree feedback, and look at continuous feedback and so forth. But in order to perform administrative actions, you need to confirm your identity by entering your password.
- There are also some screens that will only display partial content. For instance, the review overview screens will list all the reviews, but they will not display the administration section at the bottom of the screen. A little yellow reminder informs you that you need to log in to see the admin buttons.
- Note: If you only have 1 user in the system (yourself!), we'll assume that you're still evaluating Small Improvements, and we won't apply the above. It will make your evaluation more convenient. But once you invite another person, all the above applies.
If you feel that your system should not use "remember me" at all, you can disable the checkbox and the ability to log in via such a cookie on the security section of the advanced settings dialog.