Open Wogiebear opened 9 years ago
Yes, login details can be stored on each device indefinitely or until manually destroyed. Usually this data would be destroyed at logout, but this would then result in the username not being present at login. What could also be done is the user could manually navigate to the device settings and delete the account from the account manager page.
I think for ease of use this would be a good feature, but for security I think this would be bad. It would mean that an attacker would only need to know one piece of information to access the device (password) rather than both username and password.
Overview
For ease of use, it would be better if the app could 'remember' the username each time the Service Provider had to log in (say, after each session timeout).
How can this be done in the app? What are the mechanisms to 'forget' the username if another user went to use it?