Making life easier for you.
I hate to disappoint, but a service remembering you on your computer doesn’t eliminate passwords.
There are two primary techniques used to remember or recognize you on a specific computer: cookies or passkeys.
Become a Patron of Ask Leo! and go ad-free!
Websites remember that you’ve previously signed in by using cookies or passkeys. In each case, you have to have signed in once using some other form of authentication such as a password, emailed links, or texted codes.
The first time you sign into a website like PayPal, you still have to provide your password. But after that you may not, or may not have to for “a while”.
The “trick”, if you want to call it that, is that when you signed in successfully, paypal.com placed a cookie1 on your machine that says, “This account has already signed in”, and doesn’t ask you to sign in again. For “a while”.
This is more than a convenience. This is what keeps you from having to sign in over and over again as you move from page to page within a site.
This is also why you often need to sign in again after clearing cookies: you’ve removed the information saying you’re already signed in. Signing out also invalidates the cookie.
Cookies do expire after a certain amount of time. The website controls the length of time, but it might be as little as an hour or two to several days or weeks or even years. The clock may or may not be reset every time you access the site — meaning the time could be based either on the first sign-in or on your most recent activity. Once the time has passed, you’ll be asked to sign in again.
With your password.
Passkeys are a new technology that in a sense do the same thing but in a significantly more secure way. Here’s how passkeys work:
- You provide your username to the service you’re signing into.
- The service sends a code or a link to your email address or phone.
- You enter that code or click that link to confirm you are the account holder, and you’re automatically signed in.
- The service then creates a passkey, which is securely stored on that device.
Future sign-ins on that device now rely on the passkey to both identify and authenticate you. “We recognize you on this computer” is one possible message when you return to the site sometime later.
You still need to sign in once on each device from which you want to access the account. That may involve a traditional password, particularly as we transition from passwords to passkeys on existing services.
Using passkeys, it’s possible the account could be completely password-free after that.
Obviously, continue to use proper password hygiene when passwords are used.
Particularly if you’re using a shared computer, be sure to sign out of your important accounts when you’re done. This applies to both passkey and cookie-based approaches to remembering you.
Interested in more answers like this one? Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Footnotes & References
1: Or cookies. Exactly how websites implement this is completely up to them, and a variety of techniques are used, I’m sure.