Is Automatic Sign-in Safe for My Email?

As with so many things, it depends.

Having your email automatically or continually signed in can be a security risk in some situations, but very convenient in others.
Question: Is it safe to have auto sign-in on for my email accounts? And how do I go about doing the same? Signing in each time to check my mail is kinda frustrating.

There are several different automatic sign-ins we could be talking about. It all depends on the security of your machine.

Let’s review the elements.

TL;DR:

Staying signed in

Auto sign-in for email is convenient but can be risky if your device is not physically secure. Options like “stay signed in” or password vaults can eliminate the need to sign in every time. If your machine is secure from unauthorized access, it’s generally safe to use automatic sign-in features.

Physical security

There are various auto sign-in options available, but the bottom line common to all of them is that if you are certain that your machine is physically secure — that no one will walk up to it and abuse what they find — automatic sign-in should be fine.

Note that “locking” your machine doesn’t count. Depending on how auto-sign-in crazy you’ve gone, all a person would have to do is reboot the machine to automatically sign in to everything: Windows, your email, and who knows what else.

So if you believe your machine is secure (perhaps it’s in your home office where no one ever goes), great. If it’s not, I’d avoid automatic sign-in techniques.

Automatic sign-in methods

There are three techniques most commonly used to create an automatic sign-in situation for email: “remember me” methods, password vaults, and desktop & mobile e-mail programs.

“Remember me”

If you’re signing into a web-based email service, there is no automatic sign-in. It’s “remember me” that does the trick. This may be present for the password as you sign in or it may be part of two-factor authentication.

This involves a cookie placed on your machine that identifies you and says you’re already authenticated. Of course, if you clear cookies regularly, that’s forgotten, and you’ll have to sign in again.

So rather than automatically signing you in, it simply remembers that you never signed out.

It comes in different forms:

  • Stay signed in
  • Remember me
  • Don’t ask again on this device

and so on.

As long as that’s checked and you’re not aggressively clearing cookies, you should sign in automatically every time.
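The server side of "stay signed in" as described above, as an added example that is not code from this article or from any email provider. The cookie name `auth`, the two lifetimes and the in-memory session table are assumptions made for the illustration.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

THIRTY_DAYS = 30 * 24 * 3600   # assumed "stay signed in" lifetime
ONE_HOUR = 3600                # assumed lifetime when the box is left unchecked
_sessions = {}                 # sha256(token) -> (username, expires_at); stands in for a database


def _digest(token):
    # Only a hash is stored, so a copy of the table is not a pile of usable cookies.
    return hashlib.sha256(token.encode()).hexdigest()


def sign_in(username, stay_signed_in, now=None):
    """Called after the password check succeeds; returns the Set-Cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    lifetime = THIRTY_DAYS if stay_signed_in else ONE_HOUR
    _sessions[_digest(token)] = (username, now + lifetime)
    cookie = SimpleCookie()
    cookie["auth"] = token
    cookie["auth"]["path"] = "/"
    cookie["auth"]["secure"] = True      # sent over HTTPS only
    cookie["auth"]["httponly"] = True    # not readable by page scripts
    if stay_signed_in:
        # Persistent cookie: survives closing the browser and rebooting.
        cookie["auth"]["max-age"] = THIRTY_DAYS
    # With no Max-Age it is a session cookie, dropped when the browser closes.
    return cookie["auth"].OutputString()


def who_is_signed_in(cookie_header, now=None):
    """Return the username the Cookie header maps to, or None (show the sign-in page)."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if "auth" not in jar:
        return None                      # cookies were cleared
    record = _sessions.get(_digest(jar["auth"].value))
    if record is None or record[1] < now:
        return None                      # unknown or expired token
    return record[0]
```

The second function never asks for a password: whoever can open the browser profile that holds the cookie is treated as the account owner until the token expires or the cookie is cleared.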

Password vaults

Some password vaults have a literal auto-sign-in feature. It works like this:

  • You navigate to a website and it asks you to sign in.
  • Your password vault notices the URL as one it has an entry for, and fills in the username and password.
  • The password vault then clicks OK or presses Enter on your behalf so you’re automatically signed in.

This type of automatic sign-in depends on the features your vault offers and whether you have it turned on. (It’s typically an option.)
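The three steps above as a decision function, added here as an illustration and not taken from any particular password vault. The entries, the host names, the `auto_submit` field and the HTTPS requirement are assumptions; the exact-host lookup is the part that keeps a lookalike address from receiving the saved password.

```python
from urllib.parse import urlsplit

# Constructed vault entries; hosts and credentials are made up for this example.
VAULT = {
    "mail.example.com": {
        "username": "asker@example.com",
        "password": "constructed-placeholder-1",
        "auto_submit": True,
    },
    "bank.example.net": {
        "username": "asker",
        "password": "constructed-placeholder-2",
        "auto_submit": False,   # fill the form, but leave the click to the user
    },
}


def plan_sign_in(page_url, vault=VAULT, auto_sign_in_enabled=True):
    """Return (action, username): action is 'ignore', 'fill' or 'fill+submit'."""
    parts = urlsplit(page_url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        return ("ignore", None)          # assumed policy: never fill over plain HTTP
    # Step 2: exact host lookup. A substring test would also match
    # "mail.example.com.lookalike.test" and hand over the password.
    entry = vault.get(host)
    if entry is None:
        return ("ignore", None)
    # Step 3: pressing Enter happens only if the feature is on globally
    # and for this entry.
    if auto_sign_in_enabled and entry["auto_submit"]:
        return ("fill+submit", entry["username"])
    return ("fill", entry["username"])
```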

Desktop & mobile email programs

If you run a desktop email program like Microsoft Office’s Outlook, Thunderbird, emClient, or many others, they usually use automatic sign-in from the start. Once you configure access to your email account, running the email program automatically connects to and accesses your email. If your email program runs on startup, simply signing in to your computer will run it.

Do this

It all comes back to physical security. If you’re reasonably certain that no one will abuse the fact that you’ve got automatic sign-in turned on, then use it in its various forms. I do.

2 comments on “Is Automatic Sign-in Safe for My Email?”

  1. “Note that “locking” your machine doesn’t count. Depending on how auto-sign-in crazy you’ve gone, all a person would have to do is reboot the machine to automatically sign in to everything: Windows, your email, and who knows what else.”

    If locking the computer keeps someone from accessing your computer, rebooting the machine asks for a password or PIN unless you’ve gone through the hoops to set it to log in without a password.

  2. I use biometrics to sign on to all my computers when using Windows. When any of my computers are idle for more than five minutes, the screen lock activates, and my biometric is required to regain access. As a backup for my biometrics device, if anything should go wrong, I have a locally-stored pin set up so I can regain access until I can repair/replace my biometric device. I have an app that automatically locks the screen for me when I close the lid on my laptop PCs. On my desktop, I ALWAYS lock the screen when I walk away. On my laptops, I ALWAYS close the lid when I walk away. The entire concept is that I NEVER leave any of my computers unlocked when I’m not in front of them. I trust my family, but I’m in my mid-70s, and I don’t trust strangers who may break into my home, so I do all I can, and I leave the rest up to the powers that be.

    Ernie
