Simplicity is: logging in without a username or password

Published: July 28th, 2014

“I really like what I can do in the web interface, but having to enter my username and password to login each time is extra work.”

We’ve seen the above comment many times.  Identity verification, as everyone who has not been lost on a desert island for 10 years knows, is really, really important these days.  But like many aspects of security, it can be rather annoying.

On the bright side, there are a number of ways to get around this step and make the login process simpler without necessarily making your account less secure.  Here is how we have helped many customers simplify their Internet life.

1. Your browser can save your password

Most modern web browsers can tell when you are on a web site’s “login” page and will ask you if you want to “save your password” to that site.  If you choose this option, then the password will be saved on your computer somewhere so that, the next time you visit the login page, your login credentials can be pre-filled for you.  All you have to do then is click “login” and you are in.  Super quick.

This method will work with most web sites. If you are not being prompted to save passwords, it’s possible this feature simply isn’t enabled in your browser.  Here is how to turn it on:

Google Chrome:

  • Settings > click on “Show advanced settings…”
  • Enable “ “

Mozilla FireFox:

  • Preferences > Security tab
  • Enable “Remember passwords for sites”

Safari:

  • Preferences > Passwords tab
  • Enable “Autofill user names and passwords”

Internet Explorer (v11):

  • Internet Options > Content Tab
  • Press the “Settings” button under “AutoComplete
  • Enable “User names and passwords on forms”
  • press “Ok”

Warning: What you must know about this method is that your username and password are being saved on your local computer.  As such, someone with access to your computer (either access to your login or an administrator) could possibly get at that information, and that can be a significant security risk.  Additionally, if you step away from your computer without logging out, anyone sitting down can then login as you to any sites where your login credentials are being saved.  So, you should never save your passwords on public computers (e.g. library, coffee shop) or computers that are not accessed exclusively by you and/or people you trust.

If you use Mozilla FireFox, there is a useful feature that allows you to set a “master password” for all your other passwords. With this option enabled, your saved login passwords will be encrypted on disk, making them inaccessible without the master password. This protects your passwords from someone sitting down at your computer and opening a new FireFox session, but of course hinges on you remembering to close FireFox before you step away. To enable the master password option:

  1. Go to “Preferences” and choose the “Security” tab
  2. Enable “Use a master password”.

If your organization has security requirements (e.g. HIPAA), please check with your compliance officer or IT staff to see if saving passwords in this way is permitted before you start doing it.

2. Quick Logins

LuxSci has a cool feature called “Quick Logins” that drastically improves on the browser-based “Saved Password” option discussed above for logins to the LuxSci.com member’s web site:

  1. It works with any browser, even on tablets and mobile phones
  2. Your password is never saved on your computer or device.
  3. You can setup Quick Logins for multiple accounts so you can get a list of account choices on the login page and just press one button.
  4. You can see a list of all browsers that have Quick Logins enabled, and you can selectively invalidate any of them at any time even if you no longer have access to that computer or browser.
  5. Users can enable Quick Logins for themselves, or administrators can require Quick Logins for their users on a case-by-case basis.

To learn more about Quick Logins and how to set them up, see: Want to Login to LuxSci from your Mobile Phone with a Single Touch?

Quick Logins work great with all web browsers, but they are especially designed for mobile devices where it is much more painstaking to type passwords manually.

What about high security HIPAA accounts?

For high security accounts, such as those with HIPAA compliance requirements, Quick Logins are limited:

  • Account and Domain Administrators are not permitted to use Quick Logins for themselves at all.
  • Users are never permitted to self-provision Quick Logins — an administrator must enable a Quick Login for an approved user and communicate an authorization code to that user.

Even in lower security accounts, administrators are only allowed to access the “mobile site” via Quick Login, for security reasons.

Leave a Comment


You must be connected or logged in to post a comment. This is to reduce spam comments.

If you have not previously commented, you can connect using existing social media account, or register with a new username and password.