Should I Always Sign Out of My Online Account?

Who do you trust?

Sign Out
(Image: canva.com)
It is perfectly safe to stay signed in to your online account as long as you're protected from a few specific scenarios.
Question: You sent me steps (in addition to changing my password) when my Yahoo mail had been hacked, for which I thank you. One more please: should I always sign out of Yahoo when I’m finished dealing with mail?

It depends on the physical security of your computer.

Here’s what you need to consider.

TL;DR:

As long as someone else won’t access your machine while you’re not around, or those who can are trustworthy, then staying signed in is generally safe. If you’re not certain or know that others pose a risk, then absolutely sign out when you walk away.

Always sign out?

I generally don’t.

I’m signed in to email — and all my other accounts, for that matter — all day long. I’m probably signed in to my Gmail accounts for days at a time and across multiple machines here at home.

I can make some assumptions about my machines, however, that allow me to feel safe doing so.

Someone else

Could someone else walk up to your computer and start using it? More pragmatically, of all the people in your home that might be able to, would they? Would they cause trouble by poking around in your signed-in accounts?

If the answer is yes, it’s a good idea to sign out when you’re done. At least sign out when you know you’ll be stepping away for a while.

On the other hand, if you know no one would try to do something inappropriate, there’s really no need.

It’s the latter scenario at my house: no one else is going to cause problems.

Someplace else

The obvious counter-example is public or otherwise shared computers.

This is the clearest example of other individuals accessing the same computer you’ve used. If you walk away leaving yourself signed in, someone else could compromise your account, or at least cause trouble.

It’s mostly about physical access

It all comes down to how much you trust the people with access to your computer when you’re not around.

If you trust them, great. Don’t bother signing out.

If you don’t, can’t, or just aren’t sure, then signing out is the safest thing to do.

It’s also about security in general

Be sure to do all of the other things it takes to keep your computer safe on the internet.

But if you’re doing that, and you don’t have somebody running around your home who’s going to cause trouble while you’re not around, I wouldn’t worry.

It’s how I operate.

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

Podcast audio

Play

17 comments on “Should I Always Sign Out of My Online Account?”

  1. Another thing to watch out for. I was checking my email on a public library computer. The allotted time ran out and I was logged off from that session. I ask the attendant at the desk to log me back on so I could log off from my email account. Ending a session on a public computer doesn’t log you out of any accounts you are logged into. If you are using a public computer that doesn’t have ab attendant, watch time carefully so you can log out in time. Also, it’s probably best not to be logged into more than one account at a time on a public computer because you might forget and accidentally leave one logged in.

    Reply
  2. I had Open Office 3.3 on my computer, it was always crashing, hired a computer repair person, he took it off my computer and installed microsoft office 7. Now when I want click on a document to open it says “Adobe ReaderX, Adobe Reader could not open “___”.doc because it is eithr not a supported file tye or because the file has been damaged. How can I fix this? I keep calling the repair guy and never get a call back.

    There’s no such thing as Microsoft Office 7. There’s Microsoft Office 2007, or 2010. Assuming it was one of the later, installing it should have fixed this up for you. I’d do a repair (should be available in Control Panel – Programs – Microsoft Office), or a complete reinstall of Office.

    Leo
    08-May-2012
    Reply
  3. @Arleen,
    Here’s an article on how to set your file associations, or the default program used to open files. You need to set Word to open those .doc files. This article is for Vista, but Windows 7 is similar.

    Setting file associations

    Reply
  4. I’ve always used a WIRED connection, and frankly, haven’t really bothered to learn how a wireless connection works. When I heard the question above, I thought of something I heard about when wireless routers became popular–“if you don’t secure your router, anybody walking by can use your connection.” Here’s my question, IF I’M LOGGED INTO MY EMAIL ALL DAY, and I have a wireless connection, is it possible for a neighbor or passerby to view my email without logging in?
    Is it just “connectivity” that others can “steal” or can they actually view my web history, bookmarks, etc.?
    Thanks.

    This is why you want to encrypt your wireless connection using WPA2 – without it anyone nearby could potentially watch what you send and recieve, and connect as if they were on your local network (because they would be).

    Leo
    03-Jun-2012
    Reply
  5. @ina,
    It’s not wireless that’s the problem, but improper security. If your connection is not secured almost anyone walking by with a wireless device (laptop, iTouch, etc.) would be able to use that connection to connect to the internet.

    Accessing your email, and the files on your computer would take both the desire to do so, and an extra skill-set that most folks don’t have. So, no. Anybody walking by couldn’t do it. However… it’s those few who do have both the bad intent and the skills that you have to worry about. So, yes, there are some folks that could do whatever they wanted with your computer if you gave them access to it by not being secured properly.

    Here’s a good article to read that will help you understand how to secure your router, and be sure to subscribe to Leo’s newsletter because he really knows how to teach this stuff!

    http://ask-leo.com/securing_your_router.html

    Reply
  6. I do NOT stay logged in to sites. I do not like google tracking my internet habits so I stay logged out of my google account until (and only until) I need to be logged in for a specific reason. Likewise for email. I have an email account with my ISP as well as accounts on outlook.com and gmail. I have Thunderbird set up with connections for each and it periodically checks for new messages, and downloads them to local storage. If I lose my internet connection for any reason I still have access to my archived messages. Also, I have no faith in online storage/services. Services can go away without warning, storage quotas can be downsized, mail systems can be hacked, and terms of service can be arbitrarily changed. For the record, I also do not use an online password manager (such as LastPass). KeePass serves all my needs and runs/stores locally.

    Reply
    • I have an email address with my ISP, but I’ve never given it to anybody. My first email address was with AOL, later I had another ISP supplied email address and I lost access each time I switched providers. I then heard about Yahoo’s email which promised email for life and signed up for that. I still have that account after over 20 years. I use it for newsletters etc.
      As for cloud storage, I only use it for syncing my data among my computers. I have backups of all the synced machines.
      Leo has recommended using Thunderbird to v=bacj up your emails.

      Reply
    • That depends on the website you are logging into. Some place a cookie to keep you logged in when you return to that site. For example, Google and Facebook keep you logged in forever. Others log you out automatically. Others have a cookie that expires after a time and you have to log in again. Many give you the choice with a “Keep me logged in”, “Remember me”, or similar checkbox on logging in

      Reply
      • Your comment touches on my principal concern about staying logged in: that is, what are the systemic risks, as opposed to the incidential risks. My concern is less that someone will have physical access to my device, but more that what someone, or something, will do to my logged in account when I am not using it, principally bots that are looking for logged in accounts with which to do mischief. Granted, I’m not certain if there are bots that in fact ARE looking for logged in accounts, but I’d rather not give them the opportunity. What do you think? Too much belt and suspenders? I’m open to ideas : )

        Reply
        • The chances of a remote attack are, well let’s say, remote :-) possible but very improbable. And if that does happen, you have much more to worry about than someone accessing one open account. If they can get into your system remotely, they can steal all of your accounts, data, and more.

          Reply
  7. Thanks for that! I had a sneaking suspicion my concerns might be a TAD excessive, but I didn’t have the commitment to verify their validity, . . . so I didn’t.
    Your informed comment gives me the confidence to return those suspenders back to the mothballs where they belong : )

    Thanks again!!

    Reply
  8. Another thing to be conscious of is your password management program if you use one. I usually have LastPass signed in and ready to supply any password I need for any site. If I take my personal laptop to the tech shop, or give my work laptop to the IT Department, they can access everything through LastPass if I forget to sign out from the extension. I don’t think I’ve ever forgotten, but even if I did, the sensitive sites such as banking and shopping are doubly secured by setting LastPass to ask for a Password Reprompt before entering the login credentials on those pages.

    Reply
  9. Leo, you wrote:

    “At least sign out when you know you’ll be stepping away for a while.”

    An alternative to this might be to simply lock the screen (CTRL-ALT-DEL, then click “lock”). Yes, you do have to log back into your computer, but the advantage is that your web session with whatever site you’re on remains active and is not interrupted; you can pick up right where you left off instead of having to begin a whole new session.

    Normally, and just like Leo, I stay logged in. For example, I never log out of Amazon unless I have to; I log in with the “keep me logged in” option checked, and when I’m done with them for the day, I don’t log out, but merely close the browser.

    However when, every few months or so, my Mom hosts a meeting of her Sci-Fi club and there are various people floating about the house, I’ll lock the screen before I leave the computer (say, to use the toidy). It’s not even so much an issue of distrust of those present, as much as a desire to “keep honest people honest” by removing a completely unnecessary temptation. :)

    Reply
    • I used to close the lid of my laptop to put it to sleep when I shut down for the night. Then the next day, I’d get a message that the backup wasn’t performed. I’ve switched to locking it via the Windows key + L so the background processes can be carried out.

      Reply

Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.