4

Just saw a site which said "Remember me for 3 weeks". Some of the email sites like Yahoo or Gmail offer 2-3 weeks as this duration. What would be an apt duration for a site which will be predominantly used by children?

Michel
Joe

1 Answer

0

It depends on what you are protecting. The tradeoff, as you are aware, is between security and making life easy for users.

If this site doesn't contain sensitive data, and the user is on a home PC, it may make sense to set it to a very long time to make it easy for the child.

If the site contains sensitive information, say a bullying reporting site, it may make sense to protect the logon a bit more strongly.

Rory Alsop
  • I agree, but would argue that the difference between 'don't remember me at all' and 'remember me for an hour' is bigger than the difference between 1 day and 3 weeks. The main security risk is imho posed by public terminals (internet cafes, universities), with the user immediately logging on after you as the 'attacker'. So it seems to me that there are the alternatives: 'as long as possible' and 'not at all' – keppla May 31 '11 at 12:14
  • From a security perspective I totally agree with you, unfortunately real world demands from users mean we never get 'ideal' security :-) – Rory Alsop May 31 '11 at 18:29