4

Hi,

I'm creating a login screen and was wondering what the best practice is for having a "remember me" checkbox.

I've noticed that a few sites don't even have one, like:

But plenty still do, like:

It seems like the most sensible thing to do is ask people whether they want to stay logged in, but is there any reason you might design it like Vimeo or Tumblr?

I've set up a survey and am currently collecting data about this question (bit.ly/7bPlFl) - will report back in the next day or so. – Nathanael Boehm Dec 19 at 23:45
The results: bit.ly/6F1a7i – Nathanael Boehm Dec 24 at 22:35

5 Answers

2

I believe that it is valuable to generate repeat visits by your users to provide the remember me functionality. I also agree that the best way to do it is to have it checked by default (like Google does, as mentioned by Zoltán).

The only time that I don't think it is good to have it checked by default is when you are dealing with a security critical application, like banking. However, my personal opinion is to still provide the option, because intelligent users are going to know when it is safe to check that checkbox and when it isn't. When I am using my home computer, the only place I really do any online banking, I don't see why I can't have it remember who I am. You could maybe find a way to make it a little bit harder to activate in those situations, but that would be an entirely new paradigm to think about.

The most important thing to do with remember me functionality is that it needs to work. Sites that have a checkbox that really does nothing (Twitter comes to mind) are incredibly annoying.

2

This is a good question, recently raised by David Heinemeier at 37signals as well.

I agree with you that we should ask our users whether they want to stay logged in. Though your approach should be based on the nature of the application you're designing and the audience that will use it.

You can also consider a best-of-both-worlds solution: use the "remember me" checkbox but check it by default. This is used by Google as well.

2

The question has also been raised in a recent-ish ThoughtBot blog post. They asked their small community to give their opinion about the behavior of the "remember me" checkbox for their Rails authentication gem. Here: Blossom the lovely stars, the forget-me-nots of the angels

The comments are pretty good in there.

2

A slightly different opinion here and one based on the fact I'm currently reading Fogg's Persuasive Technology about credibility of computers. The actual feature is a user set yes/no to writing a client-side cookie to reauthenticate future sessions.

But obviously you can't ask users "Do you want me to write a cookie?" ... however I'm wondering out loud if "Remember me?" is the best language. I would like to do some user testing with this, but what does that actually mean to people? Does the implied meaning properly communicate what the feature does and the security/privacy implications?

Thinking about the flip side, does not checking that box mean "I want you to forget about me". That approach may better define the function and consequences of the feature .. but how do people feel about asking an application to actually forget about them?

Sorry if I'm not explaining this properly - I'm just coming from the angle of perceived intelligence in technology and how a "forgetful" application could be seen as potentially untrustworthy as much as an application that you have to explicitly tell to remember who you are.

Perhaps it's the case that while it's not the best metaphor to use, people have now gotten used to what it does. – Philip Morton Dec 19 at 18:23
I know geeks sure have, but they represent like 0.5% of the population. Would be interesting to find out what the "general public" think. – Nathanael Boehm Dec 19 at 22:52
1

Even if you don't remember the password, you should remember the login/email. Meet the user halfway.

What is really interesting is the combination of the browser "remember this password" functionality and the server equivalent. Go to any random machine and launch Firefox. Check the saved passwords. There is WAY too much info there considering how much people reuse the same password.

Also consider how Amazon and LinkedIn do it. You are mostly logged in as you. But when you try to do something other than browse, you get the login at that point.

But if the feature is designed to protect privacy then surely you don't want the computer to remember even half of your login credentials? Shouldn't it be all (full convenience and no privacy) or nothing (no convenience, full privacy)? – Nathanael Boehm Dec 19 at 23:02
I'm not sure I follow your logic. It's not about privacy, it's about security. The answer to the question is mostly about the content. The goal is to maintain security while asking the user to put in the least effort possible. – Glen Lipka Dec 21 at 5:05
By remembering the username - you are reducing the security :-) You have gone from 2 things the attacker has to guess - to just one. (and if the username is something like an e-mail address that can give the attacker a route to discovering information about the user, and clues to possible passwords.) Obviously it's a trade off - and the right solution depends on the implications of a successful login by an attacker. – adrianh Dec 21 at 14:12
Let's be real. If someone has access to the physical machine, they have a serious leg up. Just go to the site and click "forgot password", then open up the mail. The only thing stopping someone would be the password to the mail (if it had one and wasn't "remembered"). My whole point is this: Don't make the users' lives hell in your attempt to make something inherently insecure, secure. Be sensible. – Glen Lipka Dec 21 at 17:43
But we're not necessarily talking about access to the home machine. Access to some user info, in some situations, on a library machine or a public internet cafe box can have implications on security. This may not actually be an issue for most situations - but for some high impact logins (e.g. banking) it needs to be considered. – adrianh Jan 3 at 9:30
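
The "mostly logged in, but asked to log in again before doing anything other than browse" behaviour attributed to Amazon and LinkedIn in the answer above can be sketched as follows. This is an added example, not part of the original thread and not any site's actual code; the action names, the 30-day cookie lifetime and the 15-minute freshness window are assumptions.

```python
import hashlib
import secrets

REMEMBER_TTL = 30 * 24 * 3600  # assumed cookie lifetime: 30 days
FRESH_WINDOW = 15 * 60         # assumed: password entry counts as recent for 15 min
SENSITIVE = {"change_password", "place_order"}  # hypothetical action names


class RememberMeStore:
    """Server-side remember-me tokens; only SHA-256 digests are kept."""

    def __init__(self):
        self._tokens = {}  # digest -> (user, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now):
        """Called only when the user ticked the checkbox at login."""
        token = secrets.token_urlsafe(32)  # random value, no credentials inside
        self._tokens[self._digest(token)] = (user, now + REMEMBER_TTL)
        return token  # goes into a Secure, HttpOnly cookie

    def redeem(self, token, now):
        """Single use: return (session, replacement_token) or None."""
        entry = self._tokens.pop(self._digest(token), None)
        if entry is None or entry[1] < now:
            return None
        user = entry[0]
        # auth_time None marks a session that came from the cookie alone.
        return {"user": user, "auth_time": None}, self.issue(user, now)


def password_login(user, now):
    """Session created after the password was actually checked."""
    return {"user": user, "auth_time": now}


def authorize(session, action, now):
    """Return 'allow', 'reauthenticate' or 'login' for a requested action."""
    if session is None:
        return "login"
    if action in SENSITIVE:
        t = session["auth_time"]
        if t is None or now - t > FRESH_WINDOW:
            return "reauthenticate"
    return "allow"
```

A cookie found on a shared machine then yields a browse-only session, which is the trade-off discussed in the comments above: convenience for low-impact pages, a password prompt for high-impact actions.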
