Do you log out of sites?

Internet

Here’s a mental exercise. When was the last time you logged out of a site? Not closed the tab, or put your laptop to sleep, or waited for a timeout; but pressed a log off button to end a website session?

If your answered recently, do you think any of your colleagues, classmates, friends, or family still do?

I ask, because I’m starting to think it’s unusual. It used to be accepted security wisdom to log out when you were done with a session, but once again I feel like I’m an outlier doing it.

I can see three reasons for this:

  1. Sensitive sites, like online banking and the tax office, will log you out automatically after a period in activity. People have become used to this. I worry, because it trains people to think all sites do this, when they most definitely don’t.

  2. Sites like Facebook are incentivised to keep you logged in to track and monetise your activity. This is why Messenger was such a masterstroke; you have to be logged in all the time to get IM-style messages on their site.

  3. Logging in has become a pain. Split login forms, CAPTCHAs, insecure SMS-based MFA systems that time out delivering codes, and confirmation emails because… wait, you log out sometimes? That’s unusual activity! And the solution? Use your federated login from point 2!

Some of this comes down to security or bad design, either deliberately, or because people don’t prioritise accessibility with alarming regularity.

Still, I thought it was an interesting shift.

Author bio and support

Me!

Ruben Schade is a technical writer and IaaS engineer in Sydney, Australia who refers to himself in the third person in bios. Wait, not BIOS… my brain should be EFI by now.

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or buy some silly merch. Thanks!