LDS.ORG Auto-complete Disabled?

Discuss ideas and suggestions around the Church website.
User avatar
srasay2
New Member
Posts: 9
Joined: Mon Jan 03, 2011 4:27 pm
Location: Caldwell, ID, USA
Contact:

LDS.ORG Auto-complete Disabled?

#1

Post by srasay2 »

Why has the SSO login page for LDS.org had that code added in?

It is a pain for people who are in and out all day, every day, managing the sites for a temple-based Stake Center to have that removed....I realize that it is a potential security threat, but really...having that ability to store userid/pw in Chrome was a benefit, and when you get 75-100 building requests from NON-stake groups per month, and have to coordinate the calendar for all of these activities, it is a hindrance that was not necessary.

My online banking and trading sites, sure, but lds.org...

My $0.02...

Rich
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#2

Post by aebrown »

srasay2 wrote:Why has the SSO login page for LDS.org had that code added in?

The challenge with LDS.org is that when some people sign in, they have very powerful permissions that are in many ways more important than your online banking sites. Sure, for a regular member, it's a bit more hassle on occasion, but the security is more important than the convenience, in my opinion.

Here on this forum, I read repeated pleas from many, many people to move more administrative functions to LDS.org. At some point, ward and stake financial functions will even be moved online. As you're signing in, the form has no idea what your permissions are, so it's obviously impossible to disable auto-complete for people with high-risk accounts and enable it for others, when you haven't even signed in yet. With more and more capabilities moved to LDS.org comes more responsibility for security, and in this case a bit more effort required to sign in.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
jdlessley
Community Moderators
Posts: 9858
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#3

Post by jdlessley »

While auto-complete is disabled for the browser, the ability for third part applications to auto-fill is still available. This may be of little consolation for those using church computers where this type of software is not normally installed just for user convenience. But it is an option for home use. The stake president can authorize the installation of this type of software on stake controlled administrative computers.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
russellhltn
Community Administrator
Posts: 34418
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#4

Post by russellhltn »

jdlessley wrote:The stake president can authorize the installation of this type of software on stake controlled administrative computers.

But a shared computer is exactly the situation where you don't want to have that software installed.

My suggestion is simply don't log out. If you come back to it before the auto-logout kick in, then you're already in.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
User avatar
srasay2
New Member
Posts: 9
Joined: Mon Jan 03, 2011 4:27 pm
Location: Caldwell, ID, USA
Contact:

#5

Post by srasay2 »

Thanks for the reply. I knew/know going into the posting that it is not something that will ever change back... security as in all things virtual or physical, is as good as the user is vigilant. If you are the kind of person who is putting your PC in high risk situations, then disabling the form is not going to change trojan/malware keystroke trackers, and poor judgement (read stupidity). I understand all the reasons why, but at the same time, it's kind of a hollow gesture giving the illusion of higher security. If the church wants clerks and exec. secs. to have true security, then RSA-like or soft token measures should be implemented to create a two-factor authentication.

Anyway - onward and upward!

Cheers Techies!

Rich
veehb
Member
Posts: 74
Joined: Sun Aug 15, 2010 10:06 am
Location: Taylorsville, Utah, USA

#6

Post by veehb »

This has bothered me ever since this was changed a month or so ago. I get into LDS.org several times a day, as a Stake Executive Secretary, and appreciate not having to go to the Stake Center to look up names, addresses, phone numbers, priesthood, current callings, etc. for the members of our stake.

It is a bit of a hassle to have to stop and type in my user name and password each time I log in. I agree that security is important, but as mentioned above there are more secure logins that can be used for those with need to access the more sensitive areas of the database.

I wish they would show more detail in the Directory. But, I can usually find what I need by going to Leader Resources and then finding the member under Member Lookup. I find it a two step login process to get to Leader Resources.

This is a great resource and I appreciate the Church making this possible so that more of our church work can be done from home.
jdlessley
Community Moderators
Posts: 9858
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#7

Post by jdlessley »

veehb wrote:I find it a two step login process to get to Leader Resources.
What are you doing that requires you to log on twice. I only need to do it once.
JD Lessley
Have you tried finding your answer on the ChurchofJesusChrist.org Help Center or Tech Wiki?
User avatar
aebrown
Community Administrator
Posts: 15153
Joined: Tue Nov 27, 2007 8:48 pm
Location: Draper, Utah

#8

Post by aebrown »

jdlessley wrote:What are you doing that requires you to log on twice. I only need to do it once.
It's a two step process, which doesn't mean that it requires you to sign in twice. The point is that for the general tools such as Calendar, Directory, Newsletter, etc., you can use the "Sign In/Tools" menu to choose your tool, then you will be prompted to sign in, at which point you will be in the selected tool.

But with Leader Resources and other tools unique to your calling, you have to use "Sign In/Tools" and choose the "Sign In" button, then you can choose the "(your name)/Tools" menu again, which now has "Leader Resources" as an option, which you can choose to go to Leader Resources. It does require an extra step over the general tools. But that's how it's always worked, and is not relevant to the topic of this thread, since only one sign-in is required, and that sign in takes the same amount of effort, regardless of what tool you are using.
Questions that can benefit the larger community should be asked in a public forum, not a private message.
aclawson
Senior Member
Posts: 760
Joined: Fri Jan 19, 2007 6:28 pm

#9

Post by aclawson »

For something requiring any enhanced security two-factor authentication should at the very least be made available, if not required.
terrygordonspurrier
New Member
Posts: 1
Joined: Sun Oct 30, 2016 2:55 pm

Re: LDS.ORG Auto-complete Disabled?

#10

Post by terrygordonspurrier »

I appreciate the churches diligent s in its desire to protect personal and financial information. You used the example of personal bank and other financial information. I can still access my bank and Discover information with auto save. Lets not get to the obsurd level of security of Apply Products; remember the FBI cracked their security protocols. If someone wants to, they will crack security protocols. Perhaps it would be wise to have a different login in process with the church financial record when are available. I think it is important to remember that we are volunteering our time. That is my 2 cents.
Post Reply

Return to “Main Church Website”