Pascal Meunier @ on
Don't leave users logged in permanently by default
There’s a checkbox that’s checked by default on nanoHUB (“Keep me logged in?”). It leaves you permanently logged in. There should be alternatives that are less risky but still convenient enough. I suggest instead a select box with a configurable default value, with choices like 3, 6, 12, 24, and if you really must have it, permanently (never the default). You shouldn’t leave users logged in permanently, this is very bad security.