PASSWORD protection inefficient

  • Hi.

    The Password protection is completely inefficient as once you have entered the password, the browser remembers it, even if the browser is closed and the cache emptied.

    Which means that anybody accessing gte same computer at a later date can access password protected pages if someone has entered the password in a previous session.

    Any way around this?
    Thx

Viewing 6 replies - 1 through 6 (of 6 total)

  • Don’t save the password on your browser.

    Thread Starter ukhvc

    (@ukhvc)

    Thanks but I am not that thick…

    To get rid of the password I have to delete the cookie manually, something I cannot control on my user’s PC.

    Make sure as xcaballe said, that your browser isn’t remembering your password, and make sure you click a log out link to delete the cookie that WordPress uses to keep you logged in.

    You can disconnect your WordPress session using the “Logout” option (upper right edge on the WP admin screen). This will close your admin session.

    If by mistake you saved your WP password on the browser and you can’t delete it, the best thing you can do is changing your password on wordpress, making the saved password useless.

    Nevertheless, this is definitively an user error, not a wordpress error.

    Thread Starter ukhvc

    (@ukhvc)

    Hmm… maybe I am not very clear, I know how to set up my broser but I can’t control how other people who use my site and access the paswword protected session set up THEIR browser…

    and I think having to deactivate cookies is not the best solution. I don’t think it is an error, my bank online does not remember my password from one session to the other…

    ~r

    Thread Starter ukhvc

    (@ukhvc)

    Okay… Let me take you through:

    1. I have deleted all cookies; all passwords remembering setting closed and restarted Firefox.
    2. I open FF and go to the protected page.
    3. I am asked for the password, I enter it.
    4. The browser asks “Remember this password?” I click NEVER for this site.
    5. I access the protected page.
    6. I close the tab, close the FF browser which asks me to clear the private data, which I do but NOT the cookies (Why should I?)
    7. I reopen FF, go to the protected page and can open it without being asked for the password!

    The problem is in point 6:
    a) I have set up my browser to ask me every time I close if I want to clear the private data. Not everybody does that.
    b) Why should I have to delete cookies when I close? The WP cookie should be automatically deleted when I close the session.

    If I choose to delete cookies when I exit FF at stage 6, then the password is deleted and I have to input it again the next time. But as I said, I do not control what my users do…

    Thx

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘PASSWORD protection inefficient’ is closed to new replies.