Dear Google, Please stop the auto sign-outs. Sincerely, everyone
It's time to stop signing us out.
You fire up Google Docs to finish up that document, or you open Gmail to fire off an email. Nope. Google‘s got other plans. “Verify it’s you” shouts the brand in rather large letters. It’s time to sign back in again, usually right when you’re trying to do something.
Hey Google, it’s time to cut this out. This rather annoying process seems to happen fairly frequently. You have to re-enter your password, go back through 2FA, and all just to open a Google site. We know, we know, security and blah. But you don’t need to harass us for passwords on a bi-weekly basis in the name of security.
Google doesn’t need us to sign back in
“Of course it does, don’t be so silly” naysayers cry. But actually, it doesn’t. Every time you visit a website (including one of Google’s many services) the website records your IP address. It’s why you sometimes run into trouble when using a VPN. Chances are, you sign in to online services from the same spots (such as home, the office, etc). Your IP address ties your device to a location. See where we’re going with this?
All Google needs to do is compare a current IP address with one we’ve used before. If it’s the same, open sesame. If not, fine – you can ask for our passwords again. And why’s that ok? Because our devices are more secure than ever.
Before you can even fire up the web to attempt to open Gmail, chances are you’ve verified your identity already. That’s all thanks to the handy security in your device. Biometrics, usually, but otherwise passwords and passcodes. In order to access the device in the first place, you already have to verify that it’s you.
Fingerprints and face scans are a whole lot more secure than a password. Yet, Google (and any other website that regularly asks you to sign back in) seems to ignore this. If someone’s managed to get through Face ID on your phone or Touch ID on your laptop, a pesky password isn’t going to do much to hold them back.
Irony of ironies, I use my fingerprint to autofill the password back into Google. With so much security already built-in to devices, it’s time that online services start relying on it a little more. Take Apple’s new Passkeys, for example (which Google supports). They’re doing away with the need for passwords, all by using your device’s security. That’s the right way to go about extra security measures, not with a string of letters, numbers, and special characters.
Security is important, but let us control it
Chances are that some of you out there completely disagree with this. You welcome the extra security before checking your emails for the underground bunker booking confirmation. And that’s fine. I’m the first to welcome security and take extra measures. But when it comes at a trade-off of convenience, the extra security isn’t always worth it.
Rather than removing auto sign-outs entirely, pop a toggle in the Google account settings page. Or go a step further and let me choose where, when, and how it signs me out automatically. Security force-fed down our throats is a chore, so give us some customisability.
Right in our pockets or on our desks is some of the most sophisticated security technology available. And it’s baked right into the devices we use every day. Let’s take advantage of this tech, eh?