The autologin feature has been disabled for the following two reasons:

1. Those on AOL experienced a lot of problems as their IP addresses keep changes making the auto log-in feature useless

2. There is a remote possibility that those sharing IP addresses could be subjected to "identity theft". Ensuring that sessions exprire each time the browser is closed reduces this possibility.

Mark

Hi there...

I agree... I am hardly ever on this site now...I used to visit numerous times in the day...now hardly ever as its a pain logging in...

Lisa

So, let us recap:

One ISP's (out of around 80 ISPs) members were experiencing problems with the auto log-in not working for them, and there's a remote possibility of shared IPs having a problem with identity theft.

Mmmm.

Mark

You asked why and I gave you the answer

We will not let the security of the members data be compromised. Logging in to activate a session is a minimal inconvenience compared to the hassle of somebody being able to log in using your credentials.

Do you have to log in each time you use internet banking? Would you feel safe using it if there is a remote possibility that secruity is compromised?

Mark

I not only dislike this new log in every time, and it takes only a few seconds I know, if you can log in at all, Mark helped me log back in again remotely (thank you again Mark HT Mod) but the next day problems again, would not except my log in, this morning at 6.30 am Cyprus time I get in with the same log in name and password, Mark there is still problems and for many of us it is a pain, if this is done for security reasons it will work, because many of us will give up and go away as I nearly have, and I think that would be a shame.

I vote put the auto sign in back on, just warn members if they are concerned about on line theft to log out, this will give them the choice and the rest of us no more problems..

Respects of course.

This is not working as when I put my user name in my password comes on automatically when I click the box.

qatarman wrote:

when I put my user name in my password comes on automatically

This will almost certainly be down to your computer, not the forum.
You will have been asked, at some stage, if you wanted Windows to remember the password.

Mark

I have not noticed anything different.

I am permanently logged in on mine.

I have a MacBook maybe that's why.

Jim wrote:

I vote put the auto sign in back on

This, from someone who runs a phpBB forum.
Thanks, Jim!
Which part/parts of a persons identity can be gleened due to not being logged off from this forum?

Bank account details - no
Credit card details - no
Address - no
Date of birth - possibly
NI number - no
Ebay or Paypal details - no
Inside leg measurement - only if you posted it, then it is open to all and sundry anyway.

All that is at risk is that someone could log in and post on this forum using your ID. How likely is that? There's no profit in it.

Any more in favour of reverting to auto log-in?
I'm with Jim. If you are worried about this then log out manually.
And I always log out manually from my bank before I leave the site. I don't leave it for a "auto time-out" to do it for me.

Yes, bring back auto log-ins.

Methinks the mods are paranoid.

They won't even allow Google Earth images! Even though GE say "You can personally use an image from the application (for example on your website, on a blog or in a word document) as long as you preserve the copyrights and attributions including the Google logo attribution." These images are invaluable on a holiday website.

Marion

HI all
I work in the IT industry so therefore I am all for tighter security on the internet & data protection, I just cannot see what data could be stolen should someone be able to hack our HT accounts. I do think this is overkill on security.

I really think the mods should have a week long vote for all users, asking whether we should stay as we are with manual logins or or revert back to auto logins. & whatever the outcome we all accept it.

gazz

So what would happen if some kid managed to get the identity of one of the Admin or Mods accounts? It is mostly the script kiddies that hack discussion forums.

Once you have access to the Admin account you can get rid of the forum with just a few mouse clicks and all the hard work done over the past years will be destroyed. Yes we can use the latest database back-up to restore matters, but this will cause more inconvenience than having to log in each time you visit HT.

Also, please remember that unlike some other forums on the web, our session lasts longer than 60 minutes. So even after more than 60 minutes inactivity, you will be logged in until such time you close the browser or decide to log out.

We run a very popular discussion board here (the number of members and posts should give you a clue) and that attracts all sorts.

Whilst Google might not be interested if you have posted one of their pictures on your home website that has some 1000 visits per year, they would me more interested in challenging us if finding images that potentially could infringe their copyright. Unfortunately their copyright disclaimer is not as clear when reading it correctly.

However, you cannot sell these to others, provide them as part of a service, or use them in a commercial product such as a book or TV show without first getting a rights clearance from Google.

Mark

Mark good morning and thank you for your explanation on this, but I run a Pafos based site as you may know now and for a small area of Cyprus it has over two and a half thousand hits per day, we have never had any problems at all, it is the same format as HT a phpBB, and I really cant see how anyone could delete this site without some inside info that we the admin would have to give out, for a start they would have to get by our server, even I have problems doing that at times...

But if you think this could compromise the running of HT then this is what you must do, but I can say it is causing problems as you are aware of, and the need to remember your log in all the time is very off putting to most of us, many like myself visit many web sites on Cyprus and this one is the only one I visit that has this kind of restrictions..my last post on this, I know you must be a busy chap.

log-in every time is it really necessary?

Jim,

Without going into too much detail, as you well know, you don't have to have access to the server in order to delete posts. Even with moderator permissions you can delete all topics in a forum with just a few clicks.

If you look into the coding of phpBB you may understand how somebody sharing the same IP as yourself could get access to your account when autlogin is enabled.

Mark

I have noticed a marked DECREASE in activtiy since the disabling of the auto log-in.
It could be co-incidental as it is past the holiday season.

Mark

I have to agree here, I find it a pain having to log in each time, two main reasons - I set my user preferences so I wouldnt have to see the Halloween, etc backgrounds when I entered the site and two so I could come direct to Cyprus Forum.

Agree logging in is a pain.
Re the google thing I did raise this issue some time ago. The way I read things google dont object to sites such as this using their images. I dont supose anybody from HT has ever contacted them to clarify the point.
Ah well paranoia rules OK

nick

I dont supose anybody from HT has ever contacted them to clarify the point.
Ah well paranoia rules OK

Nick that is a very negative attitude to a forum that tries its best to help people.

It doesn't help.

Sarah

hi to all....i can not understand why some people are making such a big issue over logging in,if it is for security reasons i can not see the need for all the fuss.
let the people who know best decide.
regards to you all..................john-doe.........