The New Google Login, And Using Public / Shared Computers

I've written a few times about protecting your Blogger / Google account, when you use public / shared computers.

Generally, any concern about use of public / shared computers discusses cookies, which are simply invisible traces that you might leave behind when using any computer. If you only use your own computer - and never share your computer - this issue is probably of no concern to you.

If you use a computer that someone else, who you know, also uses, cookies are a small concern. If you use a computer that other people, who you don't know, also use - as in a public computer in a coffee shop or library - this should be a larger concern.

If you look at the Google login screen, you'll see a common option, on many login screens.
Stay signed in.
If you hover the mouse over the option, you'll see a small popup.
For your convenience, keep this checked. On shared devices, additional precautions are recommended. Learn more.
Clicking on "learn more", you get to read Securely signing in to Google.

The Google Help article mentions cookies as a significant risk to you, when using a public computer ("Devices used by lots of people").
Public computers, if well-maintained, automatically clear a user’s web history and cookies. If you’re unsure, we recommend that you use the private browsing feature of the browser. If private browsing isn’t available, clear the browser’s history, cache, and cookies before and after you use the device.
With a shared computer ("Devices shared with a few people"), the risk is less alarming.
If you only plan to use the device briefly, such as when visiting a friend or relative, we suggest using private browsing.

If you plan to use the device often (say, for example, it’s your family computer), then we suggest creating a user profile either in the operating system or in the browser so you can keep your information private from other users. We recommend you leave the "Stay signed in" checkbox selected to take advantage of Account Chooser and longer sessions. Learn how to add user profiles on an Android device or in Chrome.
And the final note.
If none of these security options are available to you, we strongly suggest you do not sign in to your Google Account. If you do sign in, we recommend deselecting the "Stay signed in" checkbox in case you forget to sign out.

I've discussed clearing cache, cookies, and sessions, in a few articles - and in more than a few forum discussions. In many cases, before the new Google Login (2014) was developed, cookies were moderately significant. Cookies, along with cache and sessions, are normal bits of data, which a knowleagable hacker might find hidden away, on a computer.

With the new Google login display, cookies are a more significant concern. Look at a typical Account Chooser login screen might look like, on a computer shared by a number of people who use Google products.

Would you want any later user of your computer, checking out Account Chooser, and finding your email address in plain view?


If you, personally, only use one Google account, and never use a public or shared computer, you may never see the Account Chooser login screen. If you do see Account Chooser, in its native state (un erased), you will see the account name ("Display Name" in Blogger) and email address of each Google account owner who has used the computer, since cookies were last cleared. Note that the screen print, shown here, has display name and email address, for each of the 5 previous users, erased.

With the Google login display (2014), and Account Chooser, we have gone from account vulnerability to any knowleagable hacker, to account vulnerability to anybody who cares to click on "Use a different account".

Obviously, when using a public computer - and probably a shared computer - you would not want to ever select "Stay signed in". Also, if you ever have to use a public computer, I would always use 2-Step Verification.

>> Top

Comments

D7ana said…
Thanks for sharing this information. I use public library computers occasionally to enter blog posts and/or email. Learning that my information might remain on that computer after I log off, well, I will be more attention to my signing out.