LDS.ORG Auto-complete Disabled?

Discuss ideas and suggestions around the LDS.org website.
User avatar
srasay2
New Member
Posts: 9
Joined: Mon Jan 03, 2011 4:27 pm
Location: Caldwell, ID, USA
Contact:

LDS.ORG Auto-complete Disabled?

Postby srasay2 » Wed Sep 12, 2012 2:05 pm

Why has the SSO login page for LDS.org had that code added in?

It is a pain for people who are in and out all day, every day, managing the sites for a temple-based Stake Center to have that removed....I realize that it is a potential security threat, but really...having that ability to store userid/pw in Chrome was a benefit, and when you get 75-100 building requests from NON-stake groups per month, and have to coordinate the calendar for all of these activities, it is a hindrance that was not necessary.

My online banking and trading sites, sure, but lds.org...

My $0.02...

Rich

User avatar
aebrown
Community Administrator
Posts: 14685
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Wed Sep 12, 2012 2:37 pm

srasay2 wrote:Why has the SSO login page for LDS.org had that code added in?


The challenge with LDS.org is that when some people sign in, they have very powerful permissions that are in many ways more important than your online banking sites. Sure, for a regular member, it's a bit more hassle on occasion, but the security is more important than the convenience, in my opinion.

Here on this forum, I read repeated pleas from many, many people to move more administrative functions to LDS.org. At some point, ward and stake financial functions will even be moved online. As you're signing in, the form has no idea what your permissions are, so it's obviously impossible to disable auto-complete for people with high-risk accounts and enable it for others, when you haven't even signed in yet. With more and more capabilities moved to LDS.org comes more responsibility for security, and in this case a bit more effort required to sign in.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

jdlessley
Community Moderators
Posts: 6522
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Wed Sep 12, 2012 2:48 pm

While auto-complete is disabled for the browser, the ability for third part applications to auto-fill is still available. This may be of little consolation for those using church computers where this type of software is not normally installed just for user convenience. But it is an option for home use. The stake president can authorize the installation of this type of software on stake controlled administrative computers.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

russellhltn
Community Administrator
Posts: 20734
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Postby russellhltn » Wed Sep 12, 2012 4:15 pm

jdlessley wrote:The stake president can authorize the installation of this type of software on stake controlled administrative computers.


But a shared computer is exactly the situation where you don't want to have that software installed.

My suggestion is simply don't log out. If you come back to it before the auto-logout kick in, then you're already in.
Have you searched the Wiki?
Try using a Google search by adding "site:tech.lds.org/wiki" to the search criteria.

User avatar
srasay2
New Member
Posts: 9
Joined: Mon Jan 03, 2011 4:27 pm
Location: Caldwell, ID, USA
Contact:

Postby srasay2 » Wed Sep 12, 2012 4:18 pm

Thanks for the reply. I knew/know going into the posting that it is not something that will ever change back... security as in all things virtual or physical, is as good as the user is vigilant. If you are the kind of person who is putting your PC in high risk situations, then disabling the form is not going to change trojan/malware keystroke trackers, and poor judgement (read stupidity). I understand all the reasons why, but at the same time, it's kind of a hollow gesture giving the illusion of higher security. If the church wants clerks and exec. secs. to have true security, then RSA-like or soft token measures should be implemented to create a two-factor authentication.

Anyway - onward and upward!

Cheers Techies!

Rich

veehb
Member
Posts: 51
Joined: Sun Aug 15, 2010 9:06 am
Location: Taylorsville, Utah, USA

Postby veehb » Fri Oct 05, 2012 9:12 am

This has bothered me ever since this was changed a month or so ago. I get into LDS.org several times a day, as a Stake Executive Secretary, and appreciate not having to go to the Stake Center to look up names, addresses, phone numbers, priesthood, current callings, etc. for the members of our stake.

It is a bit of a hassle to have to stop and type in my user name and password each time I log in. I agree that security is important, but as mentioned above there are more secure logins that can be used for those with need to access the more sensitive areas of the database.

I wish they would show more detail in the Directory. But, I can usually find what I need by going to Leader Resources and then finding the member under Member Lookup. I find it a two step login process to get to Leader Resources.

This is a great resource and I appreciate the Church making this possible so that more of our church work can be done from home.

jdlessley
Community Moderators
Posts: 6522
Joined: Sun Mar 16, 2008 11:30 pm
Location: USA, TX

Postby jdlessley » Fri Oct 05, 2012 9:52 am

veehb wrote:I find it a two step login process to get to Leader Resources.
What are you doing that requires you to log on twice. I only need to do it once.
JD Lessley
Have you tried finding your answer on the LDS.org Help Center page or the LDSTech wiki?

User avatar
aebrown
Community Administrator
Posts: 14685
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Postby aebrown » Fri Oct 05, 2012 10:26 am

jdlessley wrote:What are you doing that requires you to log on twice. I only need to do it once.


It's a two step process, which doesn't mean that it requires you to sign in twice. The point is that for the general tools such as Calendar, Directory, Newsletter, etc., you can use the "Sign In/Tools" menu to choose your tool, then you will be prompted to sign in, at which point you will be in the selected tool.

But with Leader Resources and other tools unique to your calling, you have to use "Sign In/Tools" and choose the "Sign In" button, then you can choose the "(your name)/Tools" menu again, which now has "Leader Resources" as an option, which you can choose to go to Leader Resources. It does require an extra step over the general tools. But that's how it's always worked, and is not relevant to the topic of this thread, since only one sign-in is required, and that sign in takes the same amount of effort, regardless of what tool you are using.
Questions that can benefit the larger community should be asked in a public forum, not a private message.

aclawson
Senior Member
Posts: 712
Joined: Fri Jan 19, 2007 6:28 pm
Location: Commerce Twp, MI

Postby aclawson » Sun Oct 21, 2012 1:34 pm

For something requiring any enhanced security two-factor authentication should at the very least be made available, if not required.


Return to “LDS.org Website”

Who is online

Users browsing this forum: No registered users and 1 guest