Only Persistent LogIn (avodonosov.blogspot.com)
90 points by avodonosov on Sept 26, 2022 | 103 comments


User rant: I hate where this new Internet is going. Instead of having a username and a few secure hardware tokens that I can use to log in from any internet cafe [1] on the planet, I am now subjected to a barrage of suspicious "Is this you? Is this really you? Are you sure this is you?" inquiries every time I so much as take a trip out of state. It seems like the next step will be a requirement to show a Government ID every time I access the Internet from outside my house.

"Passwords are insecure" is not a good enough rebuttal to this, honestly. We have far more robust authentication methods available; and it's possible to make them standard and avoid this "Remember me" nonsense. Instead, we get all of it for what seems to be the sole purpose of even more user tracking.

----------------------------------------

[1] Remember those? A refresher if you don't: https://www.youtube.com/watch?v=iWssRVJgPqc


"Is this you?" mode is (now) called Risk-based Authentication [1] [2] [3], although it's been around in various forms for over 15 years. It's an important part of defense-in-depth for user-facing application security. Without it, it would be much easier to attack the vast majority of user accounts, because most people are not as secure as you might be, and authentication methods and strengths/weaknesses vary.

[1] https://riskbasedauthentication.org/ [2] https://www.okta.com/identity-101/risk-based-authentication/ [3] https://www.beyondidentity.com/blog/what-risk-based-authenti...
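To make the "Is this you?" mechanism concrete, here is an added example of a toy risk-based authentication scorer. It is not code from any of the linked sites; the signals (device fingerprint, GeoIP country, ASN, recent failures, IP denylist), the weights and the thresholds are all assumptions chosen for illustration, and the ASNs are from the documentation-reserved range. It also shows the part that makes the nagging stop: once the step-up check is passed, the new context is recorded so the next login from the same place is silent.

```python
from dataclasses import dataclass, field


@dataclass
class AccountHistory:
    """What the service has seen on this account's past successful logins."""
    devices: set = field(default_factory=set)    # device fingerprints
    countries: set = field(default_factory=set)  # ISO country codes from GeoIP
    asns: set = field(default_factory=set)       # network owners (autonomous systems)


@dataclass
class LoginAttempt:
    device_fp: str
    country: str
    asn: int
    failed_attempts_last_hour: int = 0
    ip_on_denylist: bool = False   # e.g. a known credential-stuffing source


# Weights and thresholds are assumptions for illustration, not any vendor's values.
NEW_DEVICE = 30
NEW_COUNTRY = 30
NEW_ASN = 15
PER_FAILED_ATTEMPT = 5
DENYLIST = 100
STEP_UP_THRESHOLD = 30   # ask "Is this you?" (second factor, email link, ...)
BLOCK_THRESHOLD = 80     # refuse outright and notify the account owner


def risk_score(history: AccountHistory, attempt: LoginAttempt) -> int:
    """Sum the signals that make this attempt look unlike the account's history."""
    score = 0
    if attempt.device_fp not in history.devices:
        score += NEW_DEVICE
    if attempt.country not in history.countries:
        score += NEW_COUNTRY
    if attempt.asn not in history.asns:
        score += NEW_ASN
    score += min(attempt.failed_attempts_last_hour, 5) * PER_FAILED_ATTEMPT
    if attempt.ip_on_denylist:
        score += DENYLIST
    return score


def decide(history: AccountHistory, attempt: LoginAttempt) -> str:
    score = risk_score(history, attempt)
    if score >= BLOCK_THRESHOLD:
        return "block"
    if score >= STEP_UP_THRESHOLD:
        return "step_up"
    return "allow"


def record_success(history: AccountHistory, attempt: LoginAttempt) -> None:
    """After a login completes (including a passed step-up), remember the context."""
    history.devices.add(attempt.device_fp)
    history.countries.add(attempt.country)
    history.asns.add(attempt.asn)


def demo() -> list:
    # Constructed sample: one known laptop, logins from the US on ASN 64496.
    history = AccountHistory({"fp-laptop"}, {"US"}, {64496})
    home = LoginAttempt("fp-laptop", "US", 64496)
    trip = LoginAttempt("fp-laptop", "DE", 64497)          # same laptop, hotel network abroad
    stuffing = LoginAttempt("fp-unknown", "FR", 64498,
                            failed_attempts_last_hour=5, ip_on_denylist=True)
    results = [decide(history, home), decide(history, trip)]
    record_success(history, trip)            # user answered the "Is this you?" prompt
    results.append(decide(history, trip))    # same trip, second login: no prompt
    results.append(decide(history, stuffing))
    return results


if __name__ == "__main__":
    print(demo())   # ['allow', 'step_up', 'allow', 'block']
```

Two things worth noticing: if the device fingerprint includes the browser version, every browser update looks like a new device and the user gets prompted again, which is the complaint further down this thread; and the denylist signal alone should be enough to block, regardless of how familiar the device is, since a known-bad source with a valid password most likely means the password has leaked.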


HN tends to completely ignore all of the real problems these solutions solve. They live in some fantasy land where organised cybercrime isn’t crippling the lives of thousands daily.


Well I think we should consider their experience is different. Many live in either the startup-land where attacks are rare and trivial, or in user-land where the attacks are just in the news, not affecting them. They don't see the daily nation-state attacks, massive botnet operations, spear-phishing campaigns, persistent multi-vector campaigns, ransomware, illicit mining operations, Amazon-laundered cybercrime. They just assume that nobody wants to hack them, so why does security need to be so difficult? And companies don't do a good job of telling people what kind of risks they are shutting down because it would scare the fuck out of people.


The problem is that the barrage of "Is this really you?" checks desensitises people to putting in passwords, 2FA tokens, clicking on captchas and other such things.

Most people on HN are American so have no direct experience or knowledge of terrorism, but in the UK a favourite trick of Republican terrorists was to call in hoax bomb threat after hoax bomb threat, causing massive disruption with maybe only one or two real devices for every dozen or so incidents. People got a bit blasé about it, so when the real attacks happened they were much worse than they would otherwise have been.

If you continually blast users with "OMG CRIMINALS MIGHT BE STEALING YOUR DATA CLICK HERE TO STOP THEM" then you're just priming them to be a big fat source of information when a suitably-crafted attack site pops up its message.


I agree that's a problem. But as long as I've been around, there's always been a fine line between usability and security. You introduce one change to fix one problem and it creates another. You try to simplify and end up over-simplifying. You give users more control and they choose convenience over security, which for a very large population or critical infrastructure has larger ripple effects (every compromise is a foothold into another compromise). There are other solutions, like FIDO2 with a hardware token and approval button, but that has its own drawbacks and adoption is slow. Every solution is kinda sucky :(


Agreed, but to add a little more nuance to it; we live in tech-land, which we would _like_ to be separate from mass-adoption-land. The lowest common denominator ruins it increasingly more, the further away (up) you go.

This is why we see things like Gemini popping up. It's an attempt to set the bar at "do you _really_ want in on this, even though it doesn't have pretty flashing pictures and the toktiks?".

I'm not judging either way, but I sure did like it before the web got utility status.


Security is the kind of thing where it doesn’t matter up until it really matters.

So you can complain about Google applying additional security but when the obscure npm package you installed steals your passwords and google blocks the login because it was from a known bad IP in Russia, you’ll be thankful it exists.


Doubt many Gemini sites are using Node.js on the backend, obscure packages or otherwise.

Also given that installing npms willy-nilly is your go-to example for security risk, maybe that should have a hasslewall around it instead of username:password authentication:

"You are attempting to install a node package for trivially-implemented behavior. To prove your computer-literacy, enter a javascript function that accepts a string as an argument and returns only the characters with prime-numbered indices."


For what it's worth, I explicitly designated the original post as a user rant. I am accurately playing a user by not caring about all the "real problems" these solutions solve. If I'm continually locked out of my devices and websites just because I'm traveling, that causes genuine inconvenience to me.

Ironically, by painting your users as "living in a fantasy land" rather than "focusing on their own business, which doesn't involve taking down large-scale cybercrime", you're the one being unrealistic. A normal user does not know or care what large-scale problems can be solved by the inconvenience they are currently facing.


What I hate the most about this is that “is this you” is triggered apparently on a browser version change, which can be up to two times a week.

On top of that, with apple private relay, an iPhone’s IP address changes quite frequently.

Another guilty site is Amazon. As long as you want to buy another phone, they are OK with your session, but if you want to check your order history, suddenly they are not so sure about your identity — no investigate, only buy…


Thanks to lovely "2FA" methods (more likely RFA) like described here, I am currently locked out of my 15+ year old Google account that I no longer use, as they require me to provide them a verification code from an old Android phone I sold over 5 years ago. I contacted Google support - they can't do anything, even though I could provide every single piece of data about the account imaginable - including stuff like the IP ranges that the account was accessed from most of the time, devices linked etc. - sadly, I suspect no real human sits in front of their support chat...


I was locked out of my 10+ year old google account for daring to use IMAP to access gmail from unknown networks and ignoring the "is this you?" emails for a while. I'd all but given up on it until I got a brand new Pixel a couple years back, I figured I'd try logging in with the last password I remembered working and it just worked, no complaints from the RFA. I guess the RFA requirements are completely dropped when logging in from a new phone to avoid people getting locked out as they're setting up their phone.


What is “RFA”? Searching for “RFA authentication” doesn’t return any useful results.


Seems like they're talking about RBA, risk-based authentication.


You're not thinking long-tail enough. Once a service reaches a certain size you have to deal with every single kind of failure.

* User forgot their password.

* User's authentication token was eaten by an alligator.

* User's phone fell down a well.

* User's phone broke and they got a new number from their carrier.

* User's phone, laptop, and hardware token were lost by an airline.

* User's phone and backup codes were simultaneously lost in a fire.

* For Google specifically, user lost access to their email and didn't have a recovery set up.

If you can reasonably authenticate them using any means you probably should let them because every time you have to fall back to human customer support it's $$$. Remembering a password is one of the few things that's resistant to life's bullshit but it's also incredibly insecure so this is the compromise.


> User's authentication token was eaten by an alligator.

> User's phone, laptop, and hardware token were lost by an airline.

> User's phone and backup codes were simultaneously lost in a fire.

There should be a recovery process. However, the recovery process should be tedious and thorough enough to reliably authenticate the user and not be vulnerable to attacks. Charge a cost for the recovery process.

> because every time you have to fall back to human customer support it's $$$

Sometimes, "fuck off" can be the right answer, especially when the downside is a vulnerability that ends up costing more in fraud/reputation/legal liabilities.

House doors don't (yet?) come with a "forgot your key?" button, and the world hasn't ended, so it seems like most people are able to keep track of physical keys and have no problem paying a locksmith to break & replace the locks if needed. Safes don't come with those buttons either, and yet safe manufacturers haven't gone out of business because it takes significant cost, time & effort to open one if you lost the key (that's the whole point of it).


> House doors don't (yet?) come with a "forgot your key?" button, and the world hasn't ended

Sure they do, albeit mine is 9 buttons (the local locksmith's number)

Recovery can be annoying and expensive, but it should always be possible.


> House doors don't (yet?) come with a "forgot your key?" button.

Welp, I do this. I'm incredibly forgetful, adhd is a bitch, so I have a spare key in a lockbox by the door that takes a combination and give copies of my keys to my friends. And I have the combination in my password manager so even if I forget both but have my phone I'm still good. I also keep multiple copies of my credit cards and driver's license. This stuff has saved me literally hundreds of times.

I'm not sure I understand the logic of not letting someone authenticate themselves with the


I'm just imagining the HN outrage on the headline "Google to charge $10 for account recovery."


A recovery process that costs $10 and actually works is great value. Assuming the recovery is for credentials that the user lost (and not Google deciding to lock them out for no reason), it seems totally fair - after all, you don't expect a locksmith to replace your locks for free either.


For Google: you share a photo with your wife about your son’s rash which exposes genitals and lose access to the whole account: https://nypost.com/2022/08/22/google-bans-dad-for-sending-pi...


Yesterday I was trying to look up my coinbase balance. I didn't have the app on my phone so I had to log in via mobile web.

It took so long the conversation was over before I had my answer. I had to do 2-factor auth, then another verification, then click a link in my email.

I understand why they do it, because the alternative is a lot of stolen accounts. But there must be a decent middle ground here.


That’s one of the few places where I think it’s totally understandable to have an annoyingly secure login


I suppose, but if I already entered the code from my authenticator app is having me click on an email going to make it more secure? If they have my authenticator app then they've already totally owned me anyway.

Sending an email as a notification would serve the same purpose.


> is having me click on an email going to make it more secure?

We implemented this at Mercury recently to stop phishing attacks, and I believe Coinbase implemented it for the same reason [1].

TOTP authenticators are super ineffective at combating phishing. If a user is willing to give their email and password to a phishing site, there's very little standing in the way of them also providing their TOTP code.

WebAuthn solves this by working with the browser to tie authentication to a particular domain, but not everyone has a WebAuthn authenticator yet.

Meanwhile, email verification links are a really simple and effective way to shut down these phishing attacks. The phisher can't click the links, because they don't have access to the user's email. The user can't click the links on behalf of the phisher, because clicking the link only verifies the device that clicks the link.

1. https://www.reddit.com/r/Bitcoin/comments/2rp9o4/beware_coin...
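The flow in the comment above, as an added example that is not Mercury's or Coinbase's code, in Python. The assumptions: after password and TOTP check out, the server creates a *pending* login, sets a pending-login cookie on the browser that submitted the credentials, and emails a single-use link; opening the link completes the login only if the clicking browser presents that pending cookie. The three scenarios show a normal login, a real-time phishing proxy (the attacker relays password and TOTP but the email, and therefore the click, stays with the victim), and the residual risk the comment does not mention: a victim who pastes the link itself into the phishing page hands over the one thing the attacker's browser was missing. Hostnames and field names are made up.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlparse


@dataclass
class Browser:
    """A browser's cookie jar. Each device has its own; a phisher never shares the victim's."""
    name: str
    cookies: dict = field(default_factory=dict)


class AuthServer:
    def __init__(self):
        self.pending = {}      # link token -> pending cookie the clicking browser must present
        self.sessions = set()

    def start_login(self, browser: Browser, password_ok: bool, totp_ok: bool):
        """Step 1: password and TOTP pass, but the login is only pending.

        The pending cookie goes to the browser that submitted the credentials; the
        link goes to the account's email address (returned here to simulate the email).
        """
        if not (password_ok and totp_ok):
            return None
        link_token = secrets.token_urlsafe(32)
        pending_cookie = secrets.token_urlsafe(32)
        self.pending[link_token] = pending_cookie   # assumption: real code also stores an expiry
        browser.cookies["pending_login"] = pending_cookie
        return f"https://example.test/verify?t={link_token}"

    def click_link(self, browser: Browser, link: str) -> bool:
        """Step 2: complete the login only for the browser that started this attempt."""
        token = parse_qs(urlparse(link).query).get("t", [None])[0]
        expected = self.pending.get(token)
        presented = browser.cookies.get("pending_login")
        if expected is None or presented is None or not hmac.compare_digest(expected, presented):
            return False
        del self.pending[token]                       # single use
        session = secrets.token_urlsafe(32)
        self.sessions.add(session)
        browser.cookies["session"] = session
        del browser.cookies["pending_login"]
        return True


def legitimate_login() -> bool:
    srv, victim = AuthServer(), Browser("victim")
    link = srv.start_login(victim, True, True)
    return srv.click_link(victim, link)              # True


def realtime_phish() -> tuple:
    """Phishing site proxies the victim's password and TOTP code to the real server."""
    srv, attacker, victim = AuthServer(), Browser("attacker-proxy"), Browser("victim")
    link = srv.start_login(attacker, True, True)     # pending cookie lands in the attacker's browser
    victim_clicked = srv.click_link(victim, link)    # email reaches the victim, who clicks it
    return victim_clicked, "session" in attacker.cookies   # (False, False): nobody gets in


def forwarded_link() -> bool:
    """Residual risk: the victim copies the link out of the email into the phishing page."""
    srv, attacker, victim = AuthServer(), Browser("attacker-proxy"), Browser("victim")
    link = srv.start_login(attacker, True, True)
    return srv.click_link(attacker, link)            # True: the clicking browser started the attempt


if __name__ == "__main__":
    print(legitimate_login(), realtime_phish(), forwarded_link())
```

The check in `click_link` is the whole defence: without the cookie binding, the link would log in whichever device opened it, and the victim clicking it would simply log the victim in, which also does not help the phisher. Either way the attacker's browser never holds a session unless the victim actively hands over the link, which is why the email should describe the attempt (device, location, time) rather than just say "click to continue".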


Well put


> If a user is willing to give their email and password to a phishing site...

> The phisher can't click the links, because they don't have access to the user's email.

Something here doesn't add up.


A phisher can have access to a victim's email address without have access to their emails.


Oh, I hadn't read that as merely having the e-mail address and password to the site, but having the password to the e-mail account. I get it now. Though, it still irks me that we are now up to 3 factor authentication--password, TOTP, and e-mail--under the premise that the user is too dumb to secure 2 factors, and yet somehow is smart enough to secure the third one.


> If they have my authenticator app then they've already totally owned me anyway.

Seems like that is the problem they're trying to improve by using 3FA instead of 2FA.


Have conversations with people who are more patient? :)


One aspect we're not thinking about is the customer service cost to a world without passwords. If you forget your password, they just email you a new one. What happens if you lose your bank's 2FA token and miss a payment deadline? "Too bad so sad," is the HN answer, but customers will move their money elsewhere. So now you need a budget for a call center, replacing hardware tokens with overnight shipping, and the "oops we'll pay the late fee for you", at least in the early days. (Once it's "normal" then those benefits will go away, but who is going to keep their money in a bank where they need to carry around something on their keychain, and if they lose it, they lose all their money? Nobody. You have to really smooth over the jarring transition, and that's expensive.)

Meanwhile "are you sure it's you?" questions are free; pay a software engineer to write them, never touch it again, no matter how many customers you have.

So I guess the question you have to answer, is how can a company make more money off of you by changing how you authenticate? If you show them the $$, they'll show you the WebAuthn.


Why does everyone jump to banks? They are welcome to keep their annoying security procedures. All my money is in there. I show my actual ID every time I transact at a bank branch, so I can understand if they are careful.

The things that annoy me the most when I travel are rarely banks – those tend to work just fine. It's usually the main trifecta – Facebook, Twitter, and sometimes Gmail.

> If you forget your password, they just email you a new one.

And in fact this is exactly what is so terrifying about Google moving more towards this kind of "oh you're in a different place, you must be a bad person" authentication. Email services are the single point of password recovery for almost all the websites you access. Sure, perhaps you'll lose a token; but most folks will learn to carry a couple over time. On the other hand, if Google locks you out because you look "too risky", you might lose access to multiple websites (because a lot of them these days email you security codes and such if you're logging in from a browser without cookies).


> Facebook, Twitter, and sometimes Gmail.

I know this is really sloppy of me but I'd argue my Gmail is as important if not more important than my bank account. If you have access to my bank, you have access to one bank account of mine but if you have control of my Google account, you now have access to all my bank accounts.

I agree though. I opted into two step authentication for a reason. If I give you both my password and two step code, add this entry to an append only table and move on.

I guess Facebook and Twitter will have this problem where people will take over someone's account and lock them out. Without going into too many details, I saw this happen to someone close to me. It is wild that there are scammers who do this for a living.


That makes me think of all the people who say they avoid staying in NYC homeless shelters because their shoes get stolen. How does a yubikey work for people who are in situations where they can’t reliably hang on to a single possession? Who provides customer service to people who only scrape together a few dollars a day? Hardware 2FA isn’t much of a solution for people who don’t even qualify to rent a P.O. Box.


I have only had experiences like this on rather critical services like my banking app and my google account where I can appreciate the scrutiny.

What are more popular but casual apps where this is happening out of curiosity?


I really want to hang in an internet cafe now. That was so cool.


Well, my government ID contains a hardware token.


Every single thing that I ever log into that does any kind of risk-based authentication triggers on me almost every single time (well over 90% of the time). Even things like Zoom installed locally on my laptop when I had to switch accounts for a couple of hours last week, when I went to switch back to my main account insisted on doing a code because I was allegedly logging in from a new location or device. (Aside: I have no idea why they present “switch accounts” and “sign out” as though they were different things. You’re fully signed out either way and have to sign in again.)

My only sins are having a dynamic IPv4 address, using Linux, using Firefox, and for some of them using Private Browsing windows for temporary sessions.

The whole approach is manifestly bankrupt.


On Zoom at least, switching accounts and signing out/in seems to do something different. If I’m logged in with Google SSO, and I want to switch to a different Google SSO, clicking “Switch Account” and then selecting Google doesn’t let me change which account is selected. Actually signing out then back in does let me select a different Google account.


Possibly then it only differs for SSO. I haven’t used it with SSO.


Cynically, I want to say that you are being punished for making it harder for them to monetize selling your data.


"Remember me" is an out-of-date concept.

If you do use a shared device, you should be using your own user profile on that device. Or, at least, your own browser profile.

You really shouldn't be logging into your sensitive accounts from a public device or computer anyway. Unchecking "remember me" will not make that secure, and to suggest otherwise is a bit misleading.


I feel like you're imagining scenarios you experience in a developed country. This is not representative of most Google users in the world

Plenty of people use shared computers, especially in environments with low financial resources (ie people in developing economies, low income families in developed countries, etc). This accounts for hundreds of millions if not billions of people in the world

It's unrealistic to expect all these people to have a non-shared computer to use, and unrealistic to imagine the shared computer to be set up by someone tech savvy enough to create separate profiles for people.

If I were to pick a random library or local school in South America or Asia for example, I would bet they have a shared computer where you just sit down at a logged in windows profile


> unrealistic to imagine the shared computer to be set up by someone tech savvy enough to create separate profiles for people.

I don’t really buy this. The tech kid in the village will explain that if abla doesn’t want nene to see her mail every time then abla should use the “new private window” button when she turns on the computer.

There’s no “basic human instinct” to be able to log into mail which this change goes against. Everyone had to be taught how to open the browser in the first place. The instructions have simply changed.


I don't understand how this even helps... if the attacker (nene?) is the person who owns the computer, there is no way that "new private window" is somehow going to protect you.


If the attacker controls the computer, logging out won't help you either. First thing I'd do as an attacker is install a key logger to get the password. I assume that people who use shared computers don't have 2FA enabled.


This is true at workplaces in the US, even! Only some of the PCs have badge login where I work, rest are permanently logged in to a public account.


Or even if you're just not wealthy. You could use computers at the library/school. You could only have one computer in your household (like so many of us were familiar with in the 90's). It is a bit absurd to think that everyone lives like us tech geeks where we all know more, dedicate more time and money to tech, and are going to just have more tech in our households. I think a common issue we face is not realizing that others live in worlds that we do not experience, even from the periphery (covid was a good example of this. Groups aren't homogeneous and many don't actually know someone who died of covid and someone else knows several. Reality isn't what we see happening because we have limited views).


If you are using a shared machine, then using a temporary session isn't enough anyway. You should be using a private window.

Temporary session are a weak, half-arsed solution. The author of the post is complaining because they're what he's used to, not because they're actually useful.


I'm curious how much of that today would be phone rather than shared computer.


> You really shouldn't be logging into your sensitive accounts from a public device anyway.

This kind of functionality is required, for at least one reason: public access to computers in public libraries. So long as some government services can only be accessed online, you will need access to private email accounts from publicly available computers.

Logout after session end is quite useful in that situation, even if only as a backup to manually logging out.


Those computers typically wipe themselves with a fresh image after each user, and if they don’t you can assume they had some key logger malware that just stole your login anyway.

There is also browser incognito mode that works perfectly for this use.


I think most libraries completely reset sessions between users. Way too much liability otherwise.


The software most of them use to manage that is atrociously counter to being user-friendly.


Why is it atrocious? From a user’s perspective it’s simple and friendly: you click log out and you’re logged out of everything.


I remember it being pretty good. You log in with your library details, then when you hit logout. It resets everything fresh.


There's a few issues here I see:

1) Privacy: I have multiple accounts. I don't always want these linked to each other either. This is not only multiple Google accounts (personal and work) but also this leaks data since Google knows more about what accounts I have.

2) Security: Just because it is my computer doesn't mean it is always safe. I don't want someone to be able to login to other services just because I'm logged into one. This is akin to being logged into your password manager but with less control since you can't login to a site you need and logout of your manager. Security is often about creating barriers.

3) Centralization: power/influence grows faster than linear with respect to control. Or we may refer to this as momentum. We don't want Google, or anyone, to have control over something so important like the internet. The distribution is essential. While centralization can be good, too much can stifle innovation. That's the whole problem with monopolies (which don't need to have absolute control, but just significant).

4) Personal control: It is my computer, my data, and my accounts. Your services should be making things easier but also expand the amount of control that we have. Creating walled gardens goes back to 3. Potentially this can even create fissures. Having personal control also helps innovation. Being able to play around lets people find new ways to do new things.


I don't know that all that really makes sense to me.

1) Most people do not have multiple accounts, or at least do not care about those accounts being linked. And if you are in that situation, then you are (hopefully!) already being methodical about signing out and clearing cookies (or using a separate browser profile, private browsing, whatever). And if you aren't being methodical about this, eventually you are going to screw up anyway, no matter what the login flow or session timeout is.

2) Again, if you are worried about this attack vector (and, also again, most people probably are not), then you should be methodical about immediately signing out and clearing cookies when you are finished doing whatever you are doing. Also again, if you are not doing this, eventually you are going to forget, and succumb to an attacker.

3) Absolutely agree, but I don't see what this has to do with the persistent login issue.

4) It is indeed your computer and your data, but it is not "your" account. It is access to a remote computer system that someone else has granted you, and it is perfectly within their rights to decide how that access works. You may not like it, and that's fine: you are perfectly free to use a different service[0]. I think there are many reasons to claim that Google is a monopoly in some area or another, and that opting out of Google isn't feasible for some people, but "I don't like the login flow" is certainly not one of those reasons.

[0] Earlier this year I dropped GMail and moved my mail elsewhere, and I stopped using Google search several years ago. I've also stopped using Google's OAuth service to sign into other third-party websites, and have switched to regular email+password for any sites where I'd already signed up for an account using my Google Account. I'm working on weaning myself off of some of Google's other services, but I will admit this takes time and effort, and I'm not always up for the work involved. But that's on me, not on Google.


1) So why force it upon people? More so, best privacy policies means you should minimize the amount that the user needs to do. People make mistakes. You're supposed to make mistakes harder to make, not easier. The more methodical you have to be, the less privacy preserving your product is. I apologize, but this sounds like gymnastics to justify the outcome. Maybe you don't care about privacy? Maybe you think us privacy concerned people are nuts? But welcome to HN and welcome to the world where data privacy advocates are starting to make wins. But your argument comes off as "well sucks for you, you should have done better." A victim's actions may contribute to the danger they are in, but at the end of the day that's not the issue. The issue is that they are a victim and why this kind of discourse comes off as victim blaming.

2) Again, security practices should simplify not complexify. More complexity less security. Why force this on people? Why victim blame? Try to make fewer victims, not more.

3) Because Google (and others) are using this login method as a means of centralization and standardization. As you are breaking away from Google you're probably seeing that it isn't trivial and that there are a lot of things you lose because of it (despite HN users often saying roll your own email or saying that email is very decentralized). I would argue that Google has some blame for the difficulties to wean yourself off of them. They created a platform with the explicit intent to make it burdensome to leave. That's not ensuring competition is abundant within our communities. (3 is all big picture stuff but this does matter. I have examples if you care)

4) I get your point, but I think there's a middle ground. The bigger problem is that it is difficult to use other services. There are also websites that don't allow me to log in through any other means. (I only use the Google sign-on for a singular website which does this).

I do not feel it is okay to just dismiss these issues outright. I have the right to criticize the framework. You have the right to disagree. Google has the right to ignore my complaints/critiques. But you're not really disagreeing with my comments so much as dismissing them. Effective communication does require us to discuss in good faith with one another.


No freaking way. It is a UX component where the website asks for something every commercial site should ask users before tracking: consent. If you leave that unchecked you are telling the site you don't want it to track the device information with your account information once you sign out.

However, Google doesn't give a shit about your consent. Whether you like it or not your device information will be tracked along with your account information and they don't even need you to ever signin to begin with either.

This isn't about security, it's about liability on Google's end. But from a security perspective, many users have shared computers at their homes (and even at work) and that isn't a situation they can avoid. Even with different user profiles having the right permission means your browser profile can be accessed by someone else. Oh, and guess what? Even in America poor people use shared computers at libraries and schools and they sometimes forget to sign out of the OS account profile after closing the browser.


Consequently browsers available in public places probably shouldn't save any kind of information, except possibly for any open tabs.

Not sure if any browser has such an option.


While I’m sure some libraries are still on very old setups, for the last 10 years or so the standard has been to throw away the entire user account between uses. If you forget to log out when you’re done, it happens when your timer runs out. This is how every library I’ve been to in recent memory has worked. Many libraries now also use thin-clients backed by VM’s, so the whole “computer” is thrown out after each use.


This was a lot more annoying before Google docs ate the world - the library computers would have large warnings that unless you saved to floppy or USB you were going to lose all your shit on logout. Many a school essay went to the great recycle bin in the sky that way.


Perhaps you just don't want the website to remember you.

And it is sad that's an outdated concept.


Isn’t it overall good hygiene to have different accounts for different purposes ?

When switching Google accounts you probably don't want it to have permanent logging cookies, especially if you're in a pinch and not in the appropriate context (e.g. looking at your family mail from your work computer to quickly get an important message)

Putting the data management responsibility on the user is kind of a dick move, at the same level as all the opt-out garbage we have to deal with.


This isn’t about security, it’s about privacy and tracking consent. Leaving “remember me” unchecked means the user only wants (the equivalent of) a session cookie, as opposed to a persistent cookie. The alternative is to have the browser delete persistent cookies on a per-site basis, or to always open a new “private mode” tab, but that is a lot less convenient to handle for the user.
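What "session cookie versus persistent cookie" amounts to on the wire, as an added example that is not from the original post or from any site discussed here. The first function builds the `Set-Cookie` header for a login with and without "Remember me" using the standard library; the only difference is the presence of `Max-Age`. The toy cookie jar models the browser rule that matters: a cookie with no `Expires`/`Max-Age` lives only as long as the browser process. The cookie name, the 30-day lifetime and the attribute choices are assumptions.

```python
from http.cookies import SimpleCookie

REMEMBER_ME_DAYS = 30   # assumption; the lifetime a site picks is a policy choice


def session_cookie_header(remember_me: bool, session_id: str) -> str:
    """Build the Set-Cookie value for a login, honouring the 'Remember me' checkbox.

    Unchecked: no Expires/Max-Age, so this is a session cookie and the browser drops
    it when the browser (profile) closes.  Checked: Max-Age makes it persistent.
    The other attributes are the usual hardening and are the same in both cases.
    """
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["httponly"] = True    # not readable from page script
    cookie["sid"]["secure"] = True      # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"   # not sent on cross-site POSTs
    cookie["sid"]["path"] = "/"
    if remember_me:
        cookie["sid"]["max-age"] = REMEMBER_ME_DAYS * 24 * 3600
    return cookie.output(header="").strip()


class CookieJar:
    """Minimal browser-side model: which cookies survive closing the browser."""

    def __init__(self):
        self.cookies = {}   # name -> (value, persistent?)

    def receive(self, set_cookie: str) -> None:
        parts = [p.strip() for p in set_cookie.split(";")]
        name, value = parts[0].split("=", 1)
        persistent = any(p.lower().startswith(("max-age=", "expires=")) for p in parts[1:])
        self.cookies[name] = (value, persistent)

    def close_browser(self) -> None:
        # Session cookies (no expiry) are discarded; persistent ones are written to disk.
        self.cookies = {n: v for n, v in self.cookies.items() if v[1]}

    def has(self, name: str) -> bool:
        return name in self.cookies


def survives_browser_close(remember_me: bool) -> bool:
    jar = CookieJar()
    jar.receive(session_cookie_header(remember_me, "s3ss10n"))   # constructed session id
    jar.close_browser()
    return jar.has("sid")


if __name__ == "__main__":
    print(session_cookie_header(False, "s3ss10n"))
    print(session_cookie_header(True, "s3ss10n"))
    print(survives_browser_close(False), survives_browser_close(True))   # False True
```

Two caveats a practitioner should keep in mind. "Session" means the browser process, not the tab: on the shared, always-logged-in library or family PC described in this thread, closing the tab leaves the session cookie in place until the browser itself exits, and browsers configured to restore the previous session on startup keep session cookies too. And the server side still needs to expire the session id independently of what the cookie says, since nothing forces a client to honour `Max-Age`.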


Many people have older devices that they cannot replace, for various reasons.

Many others do not have a device of their own at all.

I think they should be able to access their email.


> that is my computer


This is why Firefox containers are so useful. I have a Google container for exactly this reason.


How does the container help? Do you set that google container to automatically delete the cookies on exit?


> delete cookies on exit

Containers are similar to browser profiles, except that history, bookmarks, HSTS, saved passwords, and everything else apart from cookies and other persistent data are "containerized".

There are addons that introduce the concept of "temporary containers", that delete all cookies when you quit that container.

Google Container makes sure that every connection to Google domains (including YouTube) uses a Google-specific container. This is the case for reCAPTCHA and other probes Google has.


You only log in to google in one container. You use that container only for google. In every other container, you're not logged in.


The reviews for this addon are scary, honestly. Doesn't seem like there is any sort of sync. That's a deal killer for me.

https://addons.mozilla.org/en-US/firefox/addon/multi-account...


>The reviews for this addon are scary

This just verifies my expectation that reviews giving the lowest score tend to be stupid.


Originally it wouldn't sync across your signed in Firefox Accounts, the plugin would come across but not your saved containers/open with options. I feel like they might have added having your container settings being synced more recently though.


Be nice if there was a Firefox "No Pocket / No Hello / No Kitchen Sync / Just-a-Web-Browser-Without-Any-Bundled-Crap Edition".


I'm not sure why you'd need sync. The whole point is to isolate every website.


If you're logged-in, it allows Google to bypass the low-fidelity third-party cookie tracking (that's increasingly being blocked) and use GAIA id instead.


I assumed that's the real takeaway-- they don't really want you logging out if they can avoid it.

I was highly annoyed by the "persistent login via Chrome" thing, because it feels like it breaks the expected separation of concerns-- the stuff inside the browser frame should stay inside the browser frame.


What is GAIA ID?


Gaia is the name of Google's shared user management system.


For Workspace, you can set a timeout to automatically log you out after a certain time. I'm not sure if this feature exists for regular accounts though, however even if it did it will not accomplish what you're suggesting which is to only remember you until you restart your computer. If you want to do that, then opening in a private window is the correct solution.

There also exist extensions and apps that can delete session data automatically, and Chrome has policies you can specify to only remember cookies for specific sites.


I used to come to HN for more even-tempered high-IQ discussion but it seems to be devolving into the toxicity that ruins all online forums, i.e. being outraged about something from a very limited perspective, accusing big corporations of evil-doing, and generally not appreciating the nuances of a complex problem.


Might I suggest commenting on said missed nuances in the relevant subthread(s) rather than unconstructively blaming the community as a whole for being bad now?


I don't think there is a culture of discussion here. If you write something that the majority does not like, they are very likely to attack you directly.


Persistent sessions are not a problem – not having any security could be (e.g. auto logout on location or IP change, and especially two-factor authentication on various actions), but that would still be depending on the user and various circumstances. The lowest common denominator should not be defining our security practices.

Point is, it is a huge bad practice to automatically log people out without their consent to do so, and it is one of the most horrific annoyances on the sites that do it.

I am not even sure I want that kind of bullshit on my banking accounts, since they got two-factor authorization on account actions anyway. I can not count the amount of times I have lost something I was writing because a site logged me out before I could finish what I was doing.


"Not your computer? Use a Private Window to sign in."

Really needs a ! rather than a ?


I just clear all the browser persistent data every time I leave. It probably is possible to recover the cookies using some low-level unerase tools but this still feels better than nothing.


Do you mean private navigation mode, or an add-on like Cookie AutoDelete? (Which deletes a lot more than just cookies, btw.)


I use everything you mentioned plus I manually go to the browser settings and clean everything explicitly every day.


They probably ran some analytics and found the majority of users use the same device and for them "Remember Me" is an annoyance. I honestly want to see more companies adopt this. It is a broken experience when you open a site and it asks you to login again on the same device, given you used the site not long ago on the same device. I want the sites to have robust security in the backend systems but not make users do the work for them.


"Remember me" (aka "Trust this Device") is a red herring for me in nearly every case.

I suspect this is partly due to my pervasive use of IPv6; both my Android device and Windows receive IPv6 allocations on my home WiFi. The device fingerprinting that providers use seems to be fooled when the IPv6 Interface ID changes, even if the /64 is identical. So according to their algorithms, my device is perpetually new and untrusted.

Live.com always always pops a dialog to ask me whether I wish to remain logged in; I never remain logged in, but the dialog constantly asks and there's no way for me to dismiss it permanently.

The only time I've seen "Remember me" work properly is when it sets a cookie with my username and does nothing else. Since I use a password manager, I have no use for remembering my username, and in fact it disrupts my flow and presents an unnecessary leak of credential information.


> It is a broken experience when you open a site and it asks you to login again on the same device

This only happens if the user explicitly unchecked the "remember me" (aka "stay signed-in") checkbox. As such, it's a good experience - fulfilling the user request.


My complaint is precisely the opposite: most places that have “remember me” checkboxes have nerfed them to the point of genuine uselessness, and way too many services don’t even pretend to let you stay logged in for more than ten minutes and aggressively log you out with no notice. All in clear violation of WCAG, I might add, which conventionally has at least some legal weight in a number of countries.


This isn't a persistent login, as is demonstrated by the fact that you're being asked to authenticate again in this window.

This is simply Google skipping the 'enter your email' text box, which I'd imagine most people are happy about.


Not asked. You can close the browser, open it and access the account without any authentication.

Simply speaking, persistent cookies are used unconditionally, while in the past the unchecked "remember me" was setting a session cookie instead.

The first screenshot (the one with user name already filled) is when you explicitly log out and then login again.
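
The session-versus-persistent distinction these two comments argue about (an unchecked "remember me" box historically meaning a login cookie with no expiry, which the browser drops on exit), as an added example that is not part of the thread or of any site's real login code; the cookie name `sid`, the 30-day lifetime and the restart simulation are constructed for illustration:

```python
from http.cookies import SimpleCookie

SESSION_COOKIE = "sid"                  # constructed cookie name
REMEMBER_MAX_AGE = 30 * 24 * 3600       # constructed lifetime: 30 days


def build_login_cookie(session_id: str, remember_me: bool) -> str:
    """Return the Set-Cookie header value for a successful login.

    remember_me=False: a session cookie (no Max-Age/Expires), which the
    browser discards when it is closed, i.e. the old meaning of an
    unchecked "remember me" box.
    remember_me=True: a persistent cookie with Max-Age that survives a
    browser restart.
    """
    jar = SimpleCookie()
    jar[SESSION_COOKIE] = session_id
    morsel = jar[SESSION_COOKIE]
    morsel["path"] = "/"
    morsel["secure"] = True       # never sent over plain HTTP
    morsel["httponly"] = True     # not readable from page scripts
    morsel["samesite"] = "Lax"    # limits cross-site sending
    if remember_me:
        morsel["max-age"] = REMEMBER_MAX_AGE
    return morsel.OutputString()


def is_persistent(set_cookie_value: str) -> bool:
    """A cookie is persistent iff its attributes include Max-Age or Expires."""
    attrs = {
        part.strip().split("=", 1)[0].lower()
        for part in set_cookie_value.split(";")[1:]
    }
    return bool(attrs & {"max-age", "expires"})


def cookies_after_browser_restart(set_cookie_values):
    """Mimic a browser exit: only persistent cookies survive.

    Returns the surviving "name=value" pairs. Browsers configured to
    restore the previous session on startup may keep session cookies too.
    """
    return [
        value.split(";", 1)[0]
        for value in set_cookie_values
        if is_persistent(value)
    ]


if __name__ == "__main__":
    for remember in (False, True):
        print(f"remember_me={remember}: Set-Cookie: {build_login_cookie('a1b2c3', remember)}")
    print(cookies_after_browser_restart(
        [build_login_cookie("a1b2c3", False), build_login_cookie("d4e5f6", True)]))
```

The unchecked case yields `sid=a1b2c3; HttpOnly; Path=/; SameSite=Lax; Secure` with no expiry, so after a restart only the "remembered" login is still presented to the server.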


You have a very specific, and not very accurate, set of assumptions about what a ‘remember me’ checkbox does (hint, it’s not always session extension - it’s often just remembering your login ID).

Also, you are regularly asked to authenticate to google services, and presented with the screen shown. To pretend otherwise is just weird.

You can complain about the default session length, but that’s a much more specific and different rant from the one in TFA.

Also, do you really think the 99.8% of regular gmail and YouTube users want to log in to google every time they close their browser windows?


This is more secure overall.

The problem with short sessions is that users who do not think about them sign in more often. This makes typing your credentials more normal and makes phishing attacks more common. Reducing the rate at which users enter credentials is generally a good thing.

Users who are thinking about having a short session know how to clear site history when they are done, or click "sign out".


Well, my interest is exactly to enter the password more often, so that I do not forget it.

Your reasoning is questionable. Phishing attacks more likely? Maybe yes, maybe no. I personally am very cautious of any login initiated from email and other messages.

I do not know how to clear site history (how?), and do not want whole history cleared; it is useful to have login names saved, for example. I only want an option to not keep the browser signed-in persistently.

Manual sign-out from every site I have in many browser tabs is not practically reliable.


If you can remember it then it’s probably not a very secure password.


Use a password manager and you'll never have to remember it!

