teo wrote:

During this week you may have noticed that you were asked to re-enter your password. We made some changes to the login process so that it is more secure. Now anyone who uses the "remember me on this computer" option will now have to re-enter their password after 2 weeks.

Distrexx wrote:

Right, don't really see the benefit in this. If i want to be rememberd on my computer, i expect it to be longer then 2 weeks.

But then again i can see the security upgrade in it. Also i can see the irritation in it after a few weeks...

meckah wrote:

I want to be logged in forever. Yeah logging in once per two weeks doesn't seem much, but considering how many sites does this in total the number of logins per day is quite a few. I don't like it.

SmotheredHope wrote:

It was so relaxing to be logged in for a full year until I had to re-login last week. If it adds security then I'm all for it though, despite the discomfort.

There's a site I use where you get kicked out if you don't perform an action in 15 minutes (or so). Now THAT'S annoying. :)

meckah wrote:

The "security" it adds is so marginal it is not worth it.

SmotheredHope wrote:

^^ Well, I wouldn't know to be honest.

jweijde wrote:

Again I don't see why time has to be spend on a security 'improvement' like this when there are so many issues that are MUCH more important.

SmotheredHope wrote:

^^ True

prancinghorse wrote:

I can only support what jweijde wrote, why wasting precious resources on this (minor) security improvement when we have long lists of burning issues (e.g. getting rid of V4) waiting for solution??

legumes-SALES wrote:

HTTPS

SmotheredHope wrote:

disregard, legumes-SALES expressed himself a little too short = misunderstanding. :)

SmotheredHope wrote:

disregard, legumes-SALES expressed himself a little too short = misunderstanding. :)

legumes-SALES wrote:

errrrrr


;)

legumes-SALES wrote:

should have posted: HTTPS please!

SmotheredHope wrote:

Yes, you should have. :) I thought you meant it was https finally. :)

V-12 wrote:

This new feature sucks of course. I've been remembered from my computer for years and never had any troubles. Now I will need to enter my password again too often? Crap.

shadowslip wrote:

this should get rid of the last few long timers that are causing trouble eh Teo. They won't beable to remember their password and probably using a new email.

just weeding huh.

i had so much faith here once

Mr.Mystery wrote:

Yeah, how dare they waste precious seconds of your life.

Really now...

shadowslip wrote:

you miss the point

TomKay wrote:

I'm not that fussed about logging in every two weeks, but I'm not mad keen on the fact that my system seems to reject my password now again for laughs even though it's exactly right...

Mr.Mystery wrote:

Uh huh.

shadowslip wrote:

living up to your name I see.


there's always one

teo wrote:

V-12, this is not a "feature". It's just a necessary change to keep things secure.

IntelliGiant wrote:

are there so many account security complaints from users to start this 'once per 2-week' pswrd re-enter?

as passwords surround modern people everywhere, and keeping the papersheet list of them is insecure, under some conditions (half-asleep & tired, drunk, excited by a girlfriend etc) remembering the pswrd may be VERY problematic

---1

simfonik wrote:

Get some sleep. Stop drinking so much. Pay attention to your girlfriend.

:)

deejsasqui wrote:

Indeed - the internet shouldn't keep you up at nights or keep you away from your girlfriend. Drinking .. that's up to you. =)

maxxyme wrote:

Use Firefox and its "Remember this login" feature.

vargind wrote:

what, are they hoping this will stop people randomly doing edits to the database in an incorrect manner ?

Sputnik86 wrote:

Why does this "feature" have to expire in the middle of a browsing session?
Just had it happen to me.

SmotheredHope wrote:

Just happened to me as well. I ignored it though and clicked away on my Discogs inbox and wasn't asked to log in. So this seems to be working so-so.

jweijde wrote:

Even such a seemingly simple thing as this can't be done right?
Shocking! But not surprising really...

the_electrician wrote:

I have to log in every time i visit, and keep getting warnings telling me to enable cookies when they already are. Cool upgrade, i feel very secure against being able to auto log into my account, but that's about it.

alex_s wrote:

Works for quite a while already:

https://www.discogs.com/users/login

meckah wrote:

Had to relogin today, guess what, it did not accept the password, it just threw me back to the "your session expired" or whatever it said. Had to delete the discogs cookie to be able to use my account again. I do not like that.

meckah wrote:

Just wrote a long reply to post in the forums, pressed preview, and it asked me to log in again. Guess what happened when I got to the preview? The message was not there. Fortunatly it could be gotten by using the back button and copied and then pressing reply again, but that just can't be right. This is annoying.

legumes-SALES wrote:

ok, first of all it did not work when I wrote the post you quoted. I tested it.

then again, thanks for the notice! wouldn't have noted it otherwise.


btw, the forum-quote function does not work, when using HTTPS for me (firefox3.0.1 / winxp), but works under HTTP for some reason.

alex_s wrote:

Yes, not all pages are working properly when using https, example:

https://www.discogs.com/submissions

The left pane shows less information compared to the http page and the links do not work.

Firefox 2 and IE6.

But at least you can transmit your login data encrypted now.