As with so many things, it depends.
There are several different automatic sign-ins we could be talking about. It all depends on the security of your machine.
Let’s review the elements.
Become a Patron of Ask Leo! and go ad-free!
Staying signed in
Auto sign-in for email is convenient but can be risky if your device is not physically secure. Options like “stay signed in” or password vaults can eliminate the need to sign in every time. If your machine is secure from unauthorized access, it’s generally safe to use automatic sign-in features.
Physical security
There are various auto sign-in options available, but the bottom line common to all of them is that if you are certain that your machine is physically secure — that no one will walk up to it and abuse what they find — automatic sign-in should be fine.
Note that “locking” your machine doesn’t count. Depending on how auto-sign-in crazy you’ve gone, all a person would have to do is reboot the machine to automatically sign in to everything: Windows, your email, and who knows what else.
So if believe your machine is secure, perhaps it’s in your home office where noone ever goes, great. If it’s not, I’d avoid automatic sign-in techniques.
Automatic sign-in methods
There are three techniques most commonly used to create an automatic sign-in situation for email: “remember me” methods, password vaults, and desktop & mobile e-mail programs.
“Remember me”
If you’re signing into a web-based email service, there is no automatic sign-in. It’s “remember me” that does the trick. This may be present for the password as you sign in or it may be part of two-factor authentication.
This involves a cookie placed on your machine that identifies you and says you’re already authenticated. Of course, if you clear cookies regularly, that’s forgotten, and you’ll have to sign in again.
So rather than automatically signing you in, it simply remembers that you never signed out.
It comes in different forms:
- Stay signed in
- Remember me
- Don’t ask again on this device
and so on.
As long as that’s checked and you’re not aggressively clearing cookies, you should sign in automatically every time.
Password vaults
Some password vaults have a literal auto-sign-in feature. It works like this:
- You navigate to a website and it asks you to sign in.
- Your password vault notices the URL as one it has an entry for, and fills in the username and password.
- The password vault then clicks OK or presses Enter on your behalf so you’re automatically signed in.
This type of automatic sign-in depends on the features your vault offers and whether you have it turned on. (It’s typically an option.)
Desktop & mobile email programs
If you run a desktop email program like Microsoft Office’s Outlook, Thunderbird, emClient, or many others, they usually use automatic sign-in from the start. Once you configure access to your email account, running the email program automatically connects to and accesses your email. If your email program runs on startup, simply signing in to your computer will run it.
Do this
It all comes back to physical security. If you’re reasonably certain that no one will abuse the fact that you’ve got automatic sign-in turned on, then use it in its various forms. I do.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
“Note that “locking” your machine doesn’t count. Depending on how auto-sign-in crazy you’ve gone, all a person would have to do is reboot the machine to automatically sign in to everything: Windows, your email, and who knows what else.”
If locking the computer keeps someone from accessing your computer rebooting the machine always asks for password or PIN unless you’ve gone through the hoops to set it to log in without a password.