Page 1 of 2
LDS.ORG Auto-complete Disabled?
Posted: Wed Sep 12, 2012 2:05 pm
Why has the SSO login page for LDS.org had that code added in?
It is a pain for people who are in and out all day, every day, managing the sites for a temple-based Stake Center to have that removed....I realize that it is a potential security threat, but really...having that ability to store userid/pw in Chrome was a benefit, and when you get 75-100 building requests from NON-stake groups per month, and have to coordinate the calendar for all of these activities, it is a hindrance that was not necessary.
My online banking and trading sites, sure, but lds.org...
Posted: Wed Sep 12, 2012 2:37 pm
srasay2 wrote:Why has the SSO login page for LDS.org had that code added in?
The challenge with LDS.org is that when some people sign in, they have very powerful permissions that are in many ways more important than your online banking sites. Sure, for a regular member, it's a bit more hassle on occasion, but the security is more important than the convenience, in my opinion.
Here on this forum, I read repeated pleas from many, many people to move more administrative functions to LDS.org. At some point, ward and stake financial functions will even be moved online. As you're signing in, the form has no idea what your permissions are, so it's obviously impossible to disable auto-complete for people with high-risk accounts and enable it for others, when you haven't even signed in yet. With more and more capabilities moved to LDS.org comes more responsibility for security, and in this case a bit more effort required to sign in.
Posted: Wed Sep 12, 2012 2:48 pm
While auto-complete is disabled for the browser, the ability for third part applications to auto-fill is still available. This may be of little consolation for those using church computers where this type of software is not normally installed just for user convenience. But it is an option for home use. The stake president can authorize the installation of this type of software on stake controlled administrative computers.
Posted: Wed Sep 12, 2012 4:15 pm
jdlessley wrote:The stake president can authorize the installation of this type of software on stake controlled administrative computers.
But a shared computer is exactly the situation where you don't
want to have that software installed.
My suggestion is simply don't log out. If you come back to it before the auto-logout kick in, then you're already in.
Posted: Wed Sep 12, 2012 4:18 pm
Thanks for the reply. I knew/know going into the posting that it is not something that will ever change back... security as in all things virtual or physical, is as good as the user is vigilant. If you are the kind of person who is putting your PC in high risk situations, then disabling the form is not going to change trojan/malware keystroke trackers, and poor judgement (read stupidity). I understand all the reasons why, but at the same time, it's kind of a hollow gesture giving the illusion of higher security. If the church wants clerks and exec. secs. to have true security, then RSA-like or soft token measures should be implemented to create a two-factor authentication.
Anyway - onward and upward!
Posted: Fri Oct 05, 2012 9:12 am
This has bothered me ever since this was changed a month or so ago. I get into LDS.org several times a day, as a Stake Executive Secretary, and appreciate not having to go to the Stake Center to look up names, addresses, phone numbers, priesthood, current callings, etc. for the members of our stake.
It is a bit of a hassle to have to stop and type in my user name and password each time I log in. I agree that security is important, but as mentioned above there are more secure logins that can be used for those with need to access the more sensitive areas of the database.
I wish they would show more detail in the Directory. But, I can usually find what I need by going to Leader Resources and then finding the member under Member Lookup. I find it a two step login process to get to Leader Resources.
This is a great resource and I appreciate the Church making this possible so that more of our church work can be done from home.
Posted: Fri Oct 05, 2012 9:52 am
veehb wrote:I find it a two step login process to get to Leader Resources.
What are you doing that requires you to log on twice. I only need to do it once.
Posted: Fri Oct 05, 2012 10:26 am
jdlessley wrote:What are you doing that requires you to log on twice. I only need to do it once.
It's a two step
process, which doesn't mean that it requires you to sign in twice. The point is that for the general tools such as Calendar, Directory, Newsletter, etc., you can use the "Sign In/Tools" menu to choose your tool, then you will be prompted to sign in, at which point you will be in the selected tool.
But with Leader Resources and other tools unique to your calling, you have to use "Sign In/Tools" and choose the "Sign In" button, then you can choose the "(your name)/Tools" menu again, which now has "Leader Resources" as an option, which you can choose to go to Leader Resources. It does require an extra step over the general tools. But that's how it's always worked, and is not relevant to the topic of this thread, since only one sign-in is required, and that sign in takes the same amount of effort, regardless of what tool you are using.
Posted: Sun Oct 21, 2012 1:34 pm
For something requiring any enhanced security two-factor authentication should at the very least be made available, if not required.
Re: LDS.ORG Auto-complete Disabled?
Posted: Sun Feb 05, 2017 10:54 am
I appreciate the churches diligent s in its desire to protect personal and financial information. You used the example of personal bank and other financial information. I can still access my bank and Discover information with auto save. Lets not get to the obsurd level of security of Apply Products; remember the FBI cracked their security protocols. If someone wants to, they will crack security protocols. Perhaps it would be wise to have a different login in process with the church financial record when are available. I think it is important to remember that we are volunteering our time. That is my 2 cents.