"Remember me" vs Security

Have you ever wondered why LinkedIn prompts you for your password although you're already logged in and have checked your network updates? It's for security reasons. You'll find the same happening on Amazon, Expedia etc. You open the website, you're automatically logged in, but then out of the blue you have to enter your password. Small Improvements is now doing the same. Read and learn!

While passwords ensure that only the right person can access your account, typically you don't want to enter a password all the time. That's why most web applications have the little "remember me" feature turned on when you log in. Your browser will remember that you logged in, and the next day when you open the application, you get logged in automatically. This is convenient. But it's not very secure! What if you lose your computer? What if someone hacks your computer and fires up your browser? They will be able to log in as you now!

It's annoying when a thief can browse your private Facebook photo collection. It's pretty bad if they can see your LinkedIn information and read your personal messages. But it's a lot worse if they gain administration access to your company account, start deleting stuff, define a new password for the CEO and VPs, and then start impersonating them. You don't want that to happen!

That's why most web applications grant only limited access to people who have logged in via the "remember me" cookie. For instance on LinkedIn, you may read messages immediately, but in order to write messages or connect with new people, you will have to enter the password to confirm that this is really, really you.

In Small Improvements, we've built a similar feature. You can still use the remember-me feature to access Small Improvements content conveniently, so you can view your performance review, provide 360 degree feedback, and look at continuous feedback and so forth. But in order to perform administrative actions, you need to confirm your identity by entering your password.

There are also some screens that will only display partial content. For instance, the review overview screens will list all the reviews, but they will not display the administration section at the bottom of the screen. A little yellow reminder informs you that you need to log in to see the admin buttons.

Note: If you only have 1 user in the system (yourself!), we'll assume that you're still evaluating Small Improvements, and we won't apply the above. It will make your evaluation more convenient. But once you invite another person, all the above applies.

If you feel that your system should not use "remember me" at all, you can disable the checkbox and the ability to log in via such a cookie on the security section of the advanced settings dialog.
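The rules described above, sketched as a server-side check. This is an added example, not Small Improvements' own code: the `Account` and `Session` types and all function names are hypothetical, per-user admin roles are left out, and it assumes the disabled "remember me" setting takes precedence over the single-user exemption.

```python
from dataclasses import dataclass
from enum import Enum


class AuthLevel(Enum):
    ANONYMOUS = 0
    REMEMBERED = 1  # session restored from the "remember me" cookie
    PASSWORD = 2    # password entered during this session


@dataclass
class Account:  # hypothetical company account
    user_count: int
    remember_me_enabled: bool = True


@dataclass
class Session:  # hypothetical per-browser session
    account: Account
    level: AuthLevel


class ReauthRequired(Exception):
    """The caller should show the password prompt, then retry."""


def effective_level(s: Session) -> AuthLevel:
    if s.level is AuthLevel.REMEMBERED:
        # Setting disabled: a cookie-only login is not accepted at all.
        if not s.account.remember_me_enabled:
            return AuthLevel.ANONYMOUS
        # Single-user account: treated as an evaluation, no step-up applied.
        if s.account.user_count == 1:
            return AuthLevel.PASSWORD
    return s.level


def require_password(s: Session) -> None:
    """Guard for administrative actions, checked on every request."""
    if effective_level(s) is not AuthLevel.PASSWORD:
        raise ReauthRequired("confirm your password to continue")


def review_overview(s: Session, reviews: list[str]) -> dict:
    """Partial rendering: reviews are listed, the admin section is withheld."""
    level = effective_level(s)
    if level is AuthLevel.ANONYMOUS:
        raise ReauthRequired("log in")
    confirmed = level is AuthLevel.PASSWORD
    return {"reviews": reviews, "admin_section": confirmed,
            "login_reminder": not confirmed}
```

The guard belongs on the server for each administrative request; hiding the admin buttons alone would not stop a request sent directly with a stolen cookie.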
