You've probably seen a box labeled something like Keep Me Logged In when you visit a lot of websites. While the functionality is in the name, you might not know what they actually do and how they work.
Let's look at how "keep me logged in" works, what you should know about this function, and related security concerns.
What Is "Keep Me Logged In"?
When you visit most websites, it's common to see a box labeled Keep me logged in, Remember me, or similar next to the username and password fields. If you check this box before you sign in, you won't have to sign back into the website next time you return, even if you close your browser and come back later.
You can always sign out manually by clicking the Log Out (or similar) option, which will immediately close your session with the site. But if you've checked that box, you won't have to sign in again for the next several days, months, or even indefinitely. Why is this?
How "Keep Me Signed In" Works
To understand how this function works, you need to know about web cookies. A cookie is a small file that websites place on your computer, which stores some information about your browsing session. For example, when you visit Amazon and put an item in your cart, that item stays in your cart even as you click around the site. This is possible because of what's called a session cookie.
If you don't check "Keep me signed in," then the site's server sends a standard session cookie. In most cases, your browser deletes these as soon as you close it (ending the session), so next time you visit the website, you'll have to log in again.
When you check "Keep me logged in," the site instead sends a cookie that enables a persistent session. This means that the cookie, and thus your logged-in state, doesn't clear when you close your browser.
How long the cookie lasts depends on the website (and potentially your browser). Some of them set a specific expiration date, while others choose to have the cookie last for a week, a month, or some other length of time. Once the cookie expires, your browser deletes it.
Without the cookie, the website won't remember who you are, and you'll have to log in again. This is also why you have to log into websites again when you clear your cookies.
Keep Me Logged In vs. Saving Passwords
Now that you know how cookies work to keep you logged in, you should know that this is not the same as when your browser offers to save passwords. Most modern browsers have a built-in password manager, which will detect when you've entered something into a password field and offer to record it for you.
This feature keeps your password stored so that you don't have to remember it to log in. It doesn't keep you logged into the site—it just fills the password field for you when you visit the site and need to log in.
You can combine these functions, if you like. If you stay logged in and have your browser store your password, you won't have to log in all the time and when you do, it will be easier. Keep in mind that while your browser's password manager is acceptable, we recommend using a third-party password manager instead, as they have more features and work across browsers.
Also, some sites offer a different checkbox, usually labeled Remember my username or similar. This doesn't keep you signed in, but it will populate your email address or username when you return. You'll usually see this on secure websites, such as banks— they don't want you to stay signed in for long periods of time due to security concerns.
Security Issues of Staying Logged In
Checking the "keep me logged in" box is obviously convenient. On a private computer that nobody else uses, it lets you browse with fewer hurdles. And as long as your device is physically secured, there's little security risk to checking this box.
However, using the "keep me signed in" box on a public computer is dangerous. If you check that box (which is often easy to do by mistake), anyone who uses that computer after you can simply open that website and use your account.
This is why one of the most important ways to say safe when using public computers is never using the "keep me signed in" box. If you ever do check it by accident, make sure you find the Log Out button on the website so you can end your session manually.
Don't Forget About Incognito Windows
While we're discussing the option to stay logged in on a website, it's worth remembering the option to use an incognito or private window, too. An incognito window opens a fresh browser session that has no data associated with it, so you'll have to log into websites every time.
Incognito windows don't save any data about your browsing session, so as soon as you close them, all cookies from the session are destroyed. If you open another incognito window, it won't have access to anything you did in the previous window. Some browsers, like Safari, even isolate each tab from the others so they can't cross-reference data.
You should always use incognito mode as a precaution when using a computer that's not your own, such as one at a library. Private browsing doesn't hide your activity, but it does make sure that other users of the computer can't access it.
Even if you don't check "keep me logged in", later users might still be able to see your browsing history, data you typed into forms, and similar. Using a private window prevents this.
Stay Logged in Wisely
Now you know what the "keep me logged in" box does on websites. It's a great way to avoid having to type your username and password over and over on a private machine. But you should only use it where other people can't take advantage of it to get into your accounts.
Meanwhile, saved logins are just one of the ways that your browser can compromise your privacy.
Image Credit: fizkes/Shutterstock