This statement contradicts what Ray said here.

I use a password manager. fills in the password automatically

Hello bltdavid,

While the login is now required to access the account, the Product Management team has specifically chosen not to save the password for auto-fill for security purposes. The username is now saved and auto-fills. It would be possible to auto-fill the password as well, but this was intentionally not implemented.

I realized this contradicts the statement from Ray (who was the former CEO and still has some involvement with the company), however this was the information provided to our teams from the Product Management team who made this decision not to save the passwords.

We are tracking amount of push back on this, and may re-visit this at a future time.

Note, password protecting the platform has been a highly request feature request from our users over the past 10 years, and this had a very high vote count. From my understanding, the majority of the community has voted to implement this.

NinjaTrader_ChelseaB Thank you for providing this clarification. However, in the case that they are starting up the platform in simulated trading mode or they even do not have a live trading entitlement, how would this be for security purposes?

Which one?

Hello QuantKey_Bruce,

Thanks for your note.

NinjaTrader users have requested that we password-protect the platform over the past 10 years as Chelsea has noted. Requiring that NinjaTrader users enter their password instead of having their password remembered increases security as it prevents others from being able to automatically log into the platform on someone else's machine and trade from that person's account.

Hello Bruce,

The trading mode is not considered at the login screen. The account is what is password protected. And the account is what is being accessed (for entitlements as well as trading) when entering the username and password on the platform. It is the same for accounts that are not yet funded or accounts that are funded. Either way, the account is password protected.

Understood.

But let's be honest.
The issue we have before us, right now, is called 'Choice'.

I am adamantly opposed to the nanny-state that Product Management
has imposed upon the entire NinjaTrader user community in this matter.

We users are capable of deciding what is best for our own circumstance,
to enable/disable password checking does not need to be all or nothing
affair. Some may welcome it, others may not. Where is the choice?

-=o=-

I get so pissed that your Product Mgmt thinks they know my environment.

My right to choose how I interoperate with my software in my environment
has been usurped. To what end? It's superficial, it is security theater.

To wit, after umpteen years, all of a sudden someone there in NT mgmt is
now gleefully trying to save me from myself by imposing this mandatory
password requirement?

Seriously?
This feature is that important?
For my security?

Puh-leaze.
Everything was fine for two decades without it.​

What has happened is this:
NT has grown. NT has new mgrs in key positions. These new mgrs in
key positions have to prove themselves, make their bones, justify their
existence. They need to move the needle, grow the bottom line, etc,
and the only way new mgrs can do this is to make changes. So, they're
gonna make some change to some thing, because that's their job, to
make that thing better -- that's how they achieve their goals -- via acts
of change.

Why?
Because they can.
Because they decree that their 'Change' is good.

The problem is: these decisions to 'change' something appear to be
happening in a vacuum, without regards for the history and legacy
of the NinjaTrader product.

Is that bad? It depends.
It takes someone green and arrogant to come in and scoff at tradition
and legacy to really change a culture or product. Sometimes, the new
approach by the new mgmt is welcome, and sometimes not.

And that's my point.

Yep, some new mgr in a key position is responsible for this entire
mess -- and they probably think it'll just blow over, that users will
bend to their all-knowing will, and eventually accept this mandatory
password requirement as normal.

Such is the nature of being new and arrogant in a key position.

-=o=-

The most galling thing is that this new direction (password required for
user sign-on) is so absolute in that it completely changes everyone's user
experience, denies some of the previous product ease of use pleasures,
and offers no escape route to revert to the prior behavior.

For anyone who likes the new behavior, that's great.

For anyone who doesn't, such as deeply knowledgeable, deeply
independent minded users, those folks are completely f*sked.

Why?
Because there is no recourse.
Because new people in key positions at NT think user Choice is not
important. And so, the password requirement is decreed as standard.

The '8.0' branch will eventually be denied an important change or two,
and, to stay current, a user will be forced onto the 8.1 branch. At that
point, sadly, my user experience & enjoyment with the product will truly
become fundamentally different.

Experienced users will start to find some kind of 'solution' to get around
the onerous password requirement -- eg, AutoIt, AutoHotkey, maybe a
3rd-party password manager -- anything to make their life easier, any
thing to restore the previous ease of use NinjaTrader was known for.

When users vote on their favorite trading software, I doubt NinjaTrader
will continue to receive the accolades it once enjoyed.

All because some newbie mgr in a key position thinks the password
requirement sounds like a good idea, when all it really is is security
theater. Even though it's tangential to what NT mgmt really wanted,
cloud based user accounts, that newbie NT mgr is thinking "yeah,
that password-signon thing, yeah, let's make that permanent, keep
it mandatory, no bypass allowed, that'll make things more secure".

Baloney.
All it's really doing is making users more annoyed.

For users, the negative impact of the always-on password requirement
will be orders of magnitude greater than any positive impact on the
safety of their new cloud based account.

The password requirement is superficial and mind-blowingly useless.
It is a solution looking for a problem. The new NT Product Mgmt has
'found' the problem, fixed it with 8.1, but applied it in such a manner
that they assume everyone has that problem.

Cloud based user accounts -- yes, that solved an existing problem.
This was the best way to integrate Desktop, Mobile, and Web.
We get that.

But, let's be honest, on the desktop,
Mandatory password entry does not solve an existing problem for the user.
Mandatory password entry creates new problems for the user.

Mandatory password requirement is just a 'checkbox item' to NT mgmt,
but, to users, the impact of that checkbox item is unbelievably profound.

If you disagree, then you're not comprehending -- the key word is
'mandatory' -- again, the denial of Choice -- that's the real problem.

Mandatory password entry on the desktop is destructive
to the user experience. It is not productive, and it protects
very little that needs protecting.

I love NinjaTrader.
To me, it has been a spectacular product.

The reasons I hate NT are quite few.
But it's clear that my primary reason is extraordinarily simple.

One word: Choice.

Lack of Choice.
Removal of Choice.
Mgmt dismissal of Choice.

My comment here still stands.

-=o=-

Just my 2˘.

+1 . I would like to have auto login as well. For those who don't want it, please make it a check box so that they can opt out of it. I think that's how it was before. Thanks!

Talk to me about this password manager. I tried a few and they didn't work. Which in particular are you using?

Hello Holligoly,

Thanks for your post.

I have added your vote to this feature request.

You guys must think the users are idiots.

The only thing that really needs password protection is a
Connection to a brokerage account.

Last I checked, NT8 already solved that problem by providing the
'Ask password on connect' option when configuring a Connection.

The Connection credentials, ya know, the username/password
you must have when configuring a new Connection -- those are
the only credentials that really matter to the user.

The Connection credentials are already secured.
And their re-entry upon each connection is optional.

What makes the platform credentials so damn special?
Why is the password entry mandatory?

Are the credentials for the user account in the cloud really
that different from the credentials for brokerage Connections?

Why can't the platform credentials be secured and then made
optional, just like the Connection credentials?

-=o=-

And, my dear BrandonH and ChelseaB, you guys should note
that the 'Ask password on connect' is a perfect example of
what I'm talking about -- Choice. When NT added this
feature to NT8, NT continued the tradition of Choice -- the
checkbox can be checked or unchecked, and all users could
be made happy.

To password protect the entire platform is nice, but to require
mandatory password entry every time NinjaTrader.exe starts
up -- that is an extreme measure and goes against 20 years
of precedent.

It screams new mgmt insufficiently wise to the userbase who
appreciate NT's 20 years of history and traditions for its ease
of use.

Mandatory password sign-on is indefensible.
Mandatory password sign-on is security theater.
Mandatory password sign-on burdens every user.
Mandatory password sign-on burdens every use case.

Your NT product managers are incredibly dismissive, and
they don't seem to care about the destructive feelings they've
created for their hundred of thousands (millions?) of users.

Requiring mandatory password entry is a huge mistake.
It makes the platform extremely painful to use.

NT Management's commitment to user choice in the platform
has slowly been receding over the years -- esp since the
introduction of the NT Brokerage component.

Mandatory password sign-on makes 8.1 a debacle.
Mandatory password sign-on is an idiot decision.

I'm not whining. I'm trying to help the decision makers see
the folly of this specific decision -- mandatory password
entry on the desktop adds absolutely no value to the user
experience -- in fact, it is a destructive feature.

Every single user wants Choice in this matter.

Please listen to your users.

Please devise a way to make password entry on the desktop
optional -- just like you made the password entry for the brokerage
Connection optional.

Two things to associate - which either Product Management don't 'get', (as I've been reprimanded for in the past) ninjatrader_arrogance (do your own research Community, draw your own conclusions)

So read Product Management team's response, again and again -
It has decreed.....
The solution was very simple - make Default to require password entry with User-selectable 'Remember me' as has been clearly argued here and elsewhere

"password protecting the platform has been a highly request feature request from our users over the past 10 years, and this had a very high vote count. From my understanding, the majority of the community has voted to implement this."

Regrettably this is Ninja muddled thinking through and through (which results in this, and which can't be a satisfactory outcome for anyone) - one to justify another - which it doesn't, it's a flawed argument)
I don't doubt ChelseaB (who helpfully seeks to 'mediate' I believe):
I don't doubt password protecting the platform has been a highly requested/vote count feature. Majority of community/users? - NT claim 800,000 users - majority? Community users maybe? NT claim tens of thousands - majority?
Those who have voted for it are self-selecting, not representative, nor necessarily aware of the many issues mandatory enforcement introduces (the above is not to challenge that this is so, it is incorrect extrapolation from it to conclusions proffered....)

Those who voted for it are a self-selecting sample - i.e. bias, not representative
Now the big leap - how many of those self-selecting who expressed a desire for password protection expressed that this should not only be by Default rather than opt in/out (no disagreement from me fwiw on implement Default and requirement to opt out as default, once, standard practice), but also that those who did not ask for it (the vast majority of the 800,000 users who expressed no desire for the feature and if included would likely want to have and take the choice to disable) should be denied the ability to disable

There are 2 pages of well-argued good reasons why the response to the (minority - insofar as most users express no opinion whatsoever) request for password protection should have been met with default requirement requiring active disablement. Simple.

"the Product Management team has specifically chosen not to save the password for auto-fill for security purposes."
There's the knub - that was the poor decision. To conflate it with 'majority' of 'users' saying they want the option with a Product Management team choice to specifically make it mandatory for all users does not go any way to explaining what seems to have been (in the voice of push-back) a poor choice

As usual, FTAOD. I intend no disrespect to any contributor, community member, NT staff or team. I am simply calling out what I see.

Back to basics of what's being said in simple terms - over the years a number of self-selecting users have asked for PW protection on the Desktop app (but not requested it be made mandatory for all users as far as we know), whilst many more have been content without it. Implement it by default but allow users (esp. those for whom it is problematic for technical reasons of operating the software) to opt out. Who's not happy....?
Specifically choose not to allow opt out which I'm sure no-one asked for - who's not happy? See above

It was just the same with the infamous blinking Watch Live button

Just sayin'

A false implied assumption here is that the platform application must or should be secured, even if no live funded account is connected. Many traders use NinjaTrader on multiple machines for charting, analysis, testing, optimization, scanning, development, research, or other purposes separate from a single device connected to a live-funded account. Having to enter a password on each of those machines every day and every time they restart the platform application is pointless, and the nuisance of having to type it a bunch of times each day encourages them to pick a simple password or employ a password manager type solution, which means there is no such security anyway. It has become a hassle that doesn't increase security and only provides the casual appearance of security. At this point, the desktop platform should default to its present behavior but simply provide a checkbox on the sign-on screen or in Tools -> Options to "remember me and keep me signed in" so that users for whom this does not make sense can have a user experience similar to the one they've had for twenty years now and everyone new, who does not realize how convenient it was before, simply won't know what they are missing.

Face the facts... There have been "votes" over the YEARS for product features that would make the platform MUCH better... And what gets implemented in the fiefdom of Ninjatrader is what a Product Manager wants... It's all theatre to get you to think you have a choice or a vote that matters... You will be made to care...