LDS Account Security Restrictions

LDS Account is the primary user account (user name and password) for accessing online Church resources. This forum is a space to discuss all things related to LDS Account (registration, account recovery, user experience, vulnerabilities, etc.).
robmerrill
New Member
Posts: 3
Joined: Mon Mar 18, 2013 9:06 am

LDS Account Security Restrictions

Postby robmerrill » Mon Jan 20, 2014 10:34 am

Please please please open up the security restrictions on LDS Account. Allow a "remember me" box and/or allow login via Google account, facebook, linkedin or other methods.

My BANK has easier login protocol than the church. Please make it EASIER for people to login. Every family history class I have attended spends 15-20 min discussing password reset since people have their login but don't remember it and it's very hard to get password reset codes especially on shared church computers ("now, go to your email account for a password"... "i don;t know my email password... on my computer at home I just click 'email'.".... "uhhh.... well, good luck"

Also, can you tie logins to IP address/MAC address? If I am in the lds app on my phone, then go to lds tools from the same device three seconds later, it's STILL me. If i jump to LDS.org in the browser... yep, STILL me.

User avatar
aebrown
Community Administrator
Posts: 14693
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

Re: LDS Account Security Restrictions

Postby aebrown » Mon Jan 20, 2014 11:07 am

[Moderator note: I split this topic from the LDS Account topic where it was originally posted in the LDSTech Featured Article Discussions forum section, since it deals with a different specific issue, and this forum section is certainly more appropriate.]
robmerrill wrote:Please please please open up the security restrictions on LDS Account. Allow a "remember me" box and/or allow login via Google account, facebook, linkedin or other methods.

The Church has decided that it wants tighter restrictions than those sites you mention, including the choice NOT to have a "remember me" box. Remember that some people can do very powerful things with their LDS Account (view confidential membership records, submit missionary papers, move people's membership records, etc.). So you're welcome to ask, but I just don't believe the Church will ever make its login as relaxed as Facebook's.

robmerrill wrote:My BANK has easier login protocol than the church.

Interesting. My bank has an almost identical login protocol as the Church's. My bank's site has an even quicker timeout, and it doesn't allow my username or password to be remembered by the browser.

Now you could argue that the Church's security shouldn't be as tight as a bank, but I believe the Church is following rather standard industry protocols for a secure site.

robmerrill wrote:Please make it EASIER for people to login. Every family history class I have attended spends 15-20 min discussing password reset since people have their login but don't remember it and it's very hard to get password reset codes especially on shared church computers ("now, go to your email account for a password"... "i don;t know my email password... on my computer at home I just click 'email'.".... "uhhh.... well, good luck"

A big part of the challenge you are describing is the one faced by anyone using a public computer (whether at an Internet cafe, or a public library, etc.). On your home computer, you are used to the default email client, and you might stay signed in to your email program or website all the time. That certainly makes life easier for checking email sent as part of a password reset. But those aren't options for public computers.

It's a very standard security procedure to connect password resets to an email sent to the registered, confirmed email address. What would you propose to do differently?

robmerrill wrote:Also, can you tie logins to IP address/MAC address? If I am in the lds app on my phone, then go to lds tools from the same device three seconds later, it's STILL me. If i jump to LDS.org in the browser... yep, STILL me.

That's not the way browsers work. I suppose the Church could conceivably create some sort of plugin to tie the browser login to the app login, but the installation of such a plugin is likely to be more hassle for the user than it is worth and would create even more security risks.


Return to “LDS Account”

Who is online

Users browsing this forum: No registered users and 1 guest