Carl Hartung wrote:
In my mind, the question was "Should the use of auto login be encouraged or suggested?" In my opinion, there is no real reason against that. But read on...
like someone posing as you sending a dirty joke to your spouse but cc's the CEO or the Chief of Police or the Mayor... or someone more vengeful sending threats to your Ex or downloading illegal content or attempting to destroy your data. All of this sounds like things you would see in a company, where coworkers hack each other. But in a company, I'd expect that someone sets up the systems that can tell apart softlinks and hardlinks. And such a person would not use auto login.
For Joe Average, who installs Suse on his computer at home, all of this is irrelevant. The box is used by him and his wife, probably even sharing the same account. Local attackers are no issue, since he only lets trusted people inside his apartment/house. This is the type of user for whom auto login should actually be encouraged, since it makes Suse easier to use. Assuming that a professional administrator is clever enough to turn it off right from the start, but Joe average is not clever enough to turn it on we should activate it by default when local authentification is used (=no corporate network). Regards nordi