Create consistent UI for admin access security
I have probably filled in this page thousands of times, but every time I have to double check each box to make sure I'm doing it right:
Disable webConfigurator redirect rule: unchecked is insecure
Enable webConfigurator login autocomplete: unchecked is more secure
Disable logging of webConfigurator successful logins: unchecked is secure
Disable webConfigurator anti-lockout rule: unchecked is insecure
Disable DNS Rebinding Checks: unchecked is secure
Disable HTTP_REFERER enforcement check: unchecked is secure
I propose that something being checked should be treated as secure, and that labels and descriptive language should be made consistent to match.
Enable HTTPS-only access
Disable login form autocomplete
Enable logging for admin logins
Enable web configurator limited access
Enable DNS rebinding checks
Enable HTTP_REFERER enforcement
It would be ideal if all labels started with "enable" but not sure how to word that second one. Because you should be checking a box to enable something, not disable it.