If you could save yourself effort from typing in your login credentials on each site visit, would you do it? Most people would. That’s why the “Remember me” option on logins exists. Ticking that checkbox means users don’t have to re-type their login info on the next visit.
The “Remember me” checkbox seems convenient, but it presents a major usability problem. Users often forget to tick the checkbox when they log in. As a result, the majority of users aren’t utilizing this convenient feature. This is because they need to exert cognitive effort to remember the “remember me” checkbox.
Most users have the habit of hitting the enter key right after they type in their password. Even if they intend on ticking the checkbox, they have to work against their muscle memory to do it. Breaking this habit takes a lot of conscious effort.
Using the mouse to tick the checkbox is also inconvenient in itself. Users have to take their hand off the keyboard, grab the mouse, and move the cursor. The keyboard option is to tab select the checkbox and hit the spacebar, but most users don’t do it this way.
Not only that, but non-tech-savvy users don’t understand what “Remember me” exactly means. Does it remember their email address or password, or both? Is it storing their authentication session or data input? How long is it stored? Many questions surround the ambiguous “remember me” option.
The reason the option exists is to safeguard users who log in from a public or shared computer. If they forget to log out of their account, it’ll delete their session when they exit the browser. This way, no other user will get access to their account.
Remember Me by Default and Log Me Out
The worldwide web needs a win-win solution to this usability problem. Public and shared computer users need security, but personal computer users need convenience. The way to meet both user bases’ needs is to enable the “Remember me” option by default.
Users no longer have to remember to tick the checkbox if a site remembers their info by default. This decision makes sense because most users log into sites from a personal computer. Logging in from a public or shared computer is the exception. As such, a checkbox for logging out after the session ends needs to exist.
Instead of a “Remember me” checkbox, you should have a “Log me out after” checkbox. Ticking it would automatically log users out when they exit the browser.
Since public and shared computer users know when they’re in a sensitive environment, they’re more cautious of security. Because they’re more cognizant, remembering to tick the checkbox doesn’t require as much cognitive effort. It makes more sense to dedicate the checkbox to their needs.
In addition, the option won’t confuse non-tech-savvy users. It implies that they’ll stay logged in on the next visit. Now they have the option to log out manually or automatically from the login. This auto log out option also saves users the trouble of hunting for the log out button, which can be hard to find.
The forgotten “Remember me” checkbox will be forgotten no longer. Users don’t need to remember to tick it anymore. They can finally enjoy the convenience of staying logged in on their next visit. At the same time, they still have the option to log in securely from a public or shared computer. It’s a win-win solution to an age-old usability problem for everyone.
Access Full Article
Get access to the full article to see research data on the “Remember me” option. You’ll also learn how to make the new logout option easier to notice and understand. Your subscription gets you access to this article and all future articles.
Book
Affiliate
I don’t fully agree, because in terms of security, if the user is not on his device or computer, the access to that website or application will be permitted to someone else. User experience should not overcome security.
On the other side I see that Google uses the same method you have described, so they should know what are doing 🙂
I strongly resist this approach. Why make it harder for public computer users to practice better security? This would force them to tick a “Log me out after my session” checkbox that’s presumably unchecked by default. This is punishing them for the minor inconvenience of checking “Remember me” on personal computers. So the new default is personal computer users have a minor inconvenience removed while public computer users get less security. Forgetting to check an authentication option shouldn’t leave you more exposed, it should just ask you to authenticate again. That’s exactly why “Remember me” isn’t the default; usability shouldn’t compromise security.
And if we assume casual users are confused by “remember me,” do we really think “after my session” is an improvement? What’s a session? When is after? Who decides one ends?
I do not agree this idea at all. As user may forget to check “Remember me” checkbox, its also possible to forget to check “Log me out after”.