Who do you trust?
It depends on the physical security of your computer.
Here’s what you need to consider.
Become a Patron of Ask Leo! and go ad-free!
As long as someone else won’t access your machine while you’re not around, or those who can are trustworthy, then staying signed in is generally safe. If you’re not certain or know that others pose a risk, then absolutely sign out when you walk away.
Always sign out?
I generally don’t.
I’m signed in to email — and all my other accounts, for that matter — all day long. I’m probably signed in to my Gmail accounts for days at a time and across multiple machines here at home.
I can make some assumptions about my machines, however, that allow me to feel safe doing so.
Could someone else walk up to your computer and start using it? More pragmatically, of all the people in your home that might be able to, would they? Would they cause trouble by poking around in your signed-in accounts?
If the answer is yes, it’s a good idea to sign out when you’re done. At least sign out when you know you’ll be stepping away for a while.
On the other hand, if you know no one would try to do something inappropriate, there’s really no need.
It’s the latter scenario at my house: no one else is going to cause problems.
The obvious counter-example is public or otherwise shared computers.
This is the clearest example of other individuals accessing the same computer you’ve used. If you walk away leaving yourself signed in, someone else could compromise your account, or at least cause trouble.
It’s mostly about physical access
It all comes down to how much you trust the people with access to your computer when you’re not around.
If you trust them, great. Don’t bother signing out.
If you don’t, can’t, or just aren’t sure, then signing out is the safest thing to do.
It’s also about security in general
Be sure to do all of the other things it takes to keep your computer safe on the internet.
But if you’re doing that, and you don’t have somebody running around your home who’s going to cause trouble while you’re not around, I wouldn’t worry.
It’s how I operate.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Download (right-click, Save-As) (Duration: 3:08 — 3.6MB)
17 comments on “Should I Always Sign Out of My Online Account?”
Another thing to watch out for. I was checking my email on a public library computer. The allotted time ran out and I was logged off from that session. I ask the attendant at the desk to log me back on so I could log off from my email account. Ending a session on a public computer doesn’t log you out of any accounts you are logged into. If you are using a public computer that doesn’t have ab attendant, watch time carefully so you can log out in time. Also, it’s probably best not to be logged into more than one account at a time on a public computer because you might forget and accidentally leave one logged in.
I had Open Office 3.3 on my computer, it was always crashing, hired a computer repair person, he took it off my computer and installed microsoft office 7. Now when I want click on a document to open it says “Adobe ReaderX, Adobe Reader could not open “___”.doc because it is eithr not a supported file tye or because the file has been damaged. How can I fix this? I keep calling the repair guy and never get a call back.
Here’s an article on how to set your file associations, or the default program used to open files. You need to set Word to open those .doc files. This article is for Vista, but Windows 7 is similar.
Setting file associations
I’ve always used a WIRED connection, and frankly, haven’t really bothered to learn how a wireless connection works. When I heard the question above, I thought of something I heard about when wireless routers became popular–“if you don’t secure your router, anybody walking by can use your connection.” Here’s my question, IF I’M LOGGED INTO MY EMAIL ALL DAY, and I have a wireless connection, is it possible for a neighbor or passerby to view my email without logging in?
Is it just “connectivity” that others can “steal” or can they actually view my web history, bookmarks, etc.?
It’s not wireless that’s the problem, but improper security. If your connection is not secured almost anyone walking by with a wireless device (laptop, iTouch, etc.) would be able to use that connection to connect to the internet.
Accessing your email, and the files on your computer would take both the desire to do so, and an extra skill-set that most folks don’t have. So, no. Anybody walking by couldn’t do it. However… it’s those few who do have both the bad intent and the skills that you have to worry about. So, yes, there are some folks that could do whatever they wanted with your computer if you gave them access to it by not being secured properly.
Here’s a good article to read that will help you understand how to secure your router, and be sure to subscribe to Leo’s newsletter because he really knows how to teach this stuff!
I do NOT stay logged in to sites. I do not like google tracking my internet habits so I stay logged out of my google account until (and only until) I need to be logged in for a specific reason. Likewise for email. I have an email account with my ISP as well as accounts on outlook.com and gmail. I have Thunderbird set up with connections for each and it periodically checks for new messages, and downloads them to local storage. If I lose my internet connection for any reason I still have access to my archived messages. Also, I have no faith in online storage/services. Services can go away without warning, storage quotas can be downsized, mail systems can be hacked, and terms of service can be arbitrarily changed. For the record, I also do not use an online password manager (such as LastPass). KeePass serves all my needs and runs/stores locally.
I have an email address with my ISP, but I’ve never given it to anybody. My first email address was with AOL, later I had another ISP supplied email address and I lost access each time I switched providers. I then heard about Yahoo’s email which promised email for life and signed up for that. I still have that account after over 20 years. I use it for newsletters etc.
As for cloud storage, I only use it for syncing my data among my computers. I have backups of all the synced machines.
Leo has recommended using Thunderbird to v=bacj up your emails.
Is simply closing down the browser a secure way of logging out of potentially multiple accounts?
Nope. Many services will come back in the signed-in state. Not all, but some. ¯\_(ツ)_/¯
That depends on the website you are logging into. Some place a cookie to keep you logged in when you return to that site. For example, Google and Facebook keep you logged in forever. Others log you out automatically. Others have a cookie that expires after a time and you have to log in again. Many give you the choice with a “Keep me logged in”, “Remember me”, or similar checkbox on logging in
Your comment touches on my principal concern about staying logged in: that is, what are the systemic risks, as opposed to the incidential risks. My concern is less that someone will have physical access to my device, but more that what someone, or something, will do to my logged in account when I am not using it, principally bots that are looking for logged in accounts with which to do mischief. Granted, I’m not certain if there are bots that in fact ARE looking for logged in accounts, but I’d rather not give them the opportunity. What do you think? Too much belt and suspenders? I’m open to ideas : )
The chances of a remote attack are, well let’s say, remote :-) possible but very improbable. And if that does happen, you have much more to worry about than someone accessing one open account. If they can get into your system remotely, they can steal all of your accounts, data, and more.
Thanks for that! I had a sneaking suspicion my concerns might be a TAD excessive, but I didn’t have the commitment to verify their validity, . . . so I didn’t.
Your informed comment gives me the confidence to return those suspenders back to the mothballs where they belong : )
Another thing to be conscious of is your password management program if you use one. I usually have LastPass signed in and ready to supply any password I need for any site. If I take my personal laptop to the tech shop, or give my work laptop to the IT Department, they can access everything through LastPass if I forget to sign out from the extension. I don’t think I’ve ever forgotten, but even if I did, the sensitive sites such as banking and shopping are doubly secured by setting LastPass to ask for a Password Reprompt before entering the login credentials on those pages.
I believe in most you can also configure an amount of time it remains logged in.
Leo, you wrote:
“At least sign out when you know you’ll be stepping away for a while.”
An alternative to this might be to simply lock the screen (CTRL-ALT-DEL, then click “lock”). Yes, you do have to log back into your computer, but the advantage is that your web session with whatever site you’re on remains active and is not interrupted; you can pick up right where you left off instead of having to begin a whole new session.
Normally, and just like Leo, I stay logged in. For example, I never log out of Amazon unless I have to; I log in with the “keep me logged in” option checked, and when I’m done with them for the day, I don’t log out, but merely close the browser.
However when, every few months or so, my Mom hosts a meeting of her Sci-Fi club and there are various people floating about the house, I’ll lock the screen before I leave the computer (say, to use the toidy). It’s not even so much an issue of distrust of those present, as much as a desire to “keep honest people honest” by removing a completely unnecessary temptation. :)
I used to close the lid of my laptop to put it to sleep when I shut down for the night. Then the next day, I’d get a message that the backup wasn’t performed. I’ve switched to locking it via the Windows key + L so the background processes can be carried out.