Do you log out of web pages or just close the window?
I notice that many of my computer support clients just close the window (or tab) when they have finished with web pages – even when the page is important and carries implications for security (such as banking sites, Amazon, PayPal, and so forth).
Is this a security risk?
It might be. If you have signed into the web page then there is definitely an implication that there’s something “private” going on, so it would probably be a good idea to get into the habit of at least considering “signing out” or “logging out” before closing the page. When you sign into a web page, that page places a cookie on your computer. When you sign out properly that cookie is invalidated. If you close the page without signing out then the cookie remains on your computer and it is just possible that it could be stolen so that someone else could log into your account.
Is it a realistic security risk?
I don’t know. I’ve been looking for some evidence that login information is actually stolen this way but can’t find any. As far as I am concerned, though, that is largely beside the point. The way that I look at it is that the potential cost of having, say, my online bank account, PayPal, or Amazon compromised is huge. Apart from the financial loss, there’s also the massive inconvenience that could be caused in cleaning the mess up (cancelling credit/debit cards, getting replacements, seeking reimbursement for fraud losses etc). It’s never happened to me, but I expect that there would also be a horrible feeling of violation – like being burgled (and I do know how horrible that feels).
How do you sign out?
It seems to have become standard practice that the “sign out” (or “log off”) button or text link is located somewhere near the top right-hand corner of all web pages of the site you are signed into. If you can’t find one then click the “Home” button and look there. It’s also just possible that it’s located at the bottom of the screen amongst a lot of other links that are likely to be found there.
All of the above advice is given on the assumption that you are using your own computer or device. If you are on a public computer then it is even more important that you completely log off any sensitive site. Apart from session cookies being stolen, there is always the possibility that a public computer is infected with a “key logger” that records every single keystroke you make (including your usernames and passwords). Personally, I wouldn’t dream of logging onto my bank or even Amazon from a public computer. I can’t imagine anything being urgent enough that I would need to take the risk.
Finally, you might (rightly) think that most sensitive sites will log you out automatically if you do not use them for a period of time (ten minutes, say). Do you want to take the risk that this actually works and that no-one is going to sneak in during the ten minutes before you are logged out? Your call. As so often with computers, it’s a (largely subjective) cost/benefit analysis.
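A minimal model of what a site does with the sign-in cookie, added here as an illustration and not taken from the original post: it compares closing the tab with signing out, and shows that the idle timer restarts on every request carrying the cookie. The class and function names are hypothetical, and the ten-minute timeout is the figure suggested in the text.

```python
import secrets

IDLE_TIMEOUT = 600  # seconds; the "ten minutes, say" from the text (assumed)


class SessionStore:
    """Server-side table of live sessions, keyed by the cookie value."""

    def __init__(self):
        self._last_seen = {}  # session id -> time of the last request

    def sign_in(self, now):
        sid = secrets.token_urlsafe(32)  # unguessable value sent as the cookie
        self._last_seen[sid] = now
        return sid

    def is_valid(self, sid, now):
        """Would a request carrying this cookie be treated as signed in?"""
        last = self._last_seen.get(sid)
        if last is None:
            return False  # never issued, or already signed out
        if now - last > IDLE_TIMEOUT:
            del self._last_seen[sid]  # idle too long: expire it server-side
            return False
        self._last_seen[sid] = now  # any request restarts the idle clock
        return True

    def sign_out(self, sid):
        # Forget the session, so the cookie value is worthless from now on.
        self._last_seen.pop(sid, None)


def cookie_still_works(signed_out, seconds_after_leaving):
    """Sign in at t=0, leave at once, then present the same cookie later."""
    store = SessionStore()
    cookie = store.sign_in(now=0)
    if signed_out:
        store.sign_out(cookie)
    # Closing the tab sends nothing to the site, so without sign_out() the
    # server's record of the session is unchanged.
    return store.is_valid(cookie, now=seconds_after_leaving)


if __name__ == "__main__":
    for signed_out in (False, True):
        for delay in (60, 660):  # one minute and eleven minutes after leaving
            print(signed_out, delay, cookie_still_works(signed_out, delay))
```

After a closed tab the cookie is still accepted one minute later and only stops working once the idle timeout has passed; after a sign-out it is rejected immediately.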
Once the habit is established, it doesn’t really seem an inconvenience to log out of a website. It becomes the natural step to finish off whatever business you had with the site. I have always said that it is impossible to completely eliminate the risks of using the internet without staying away from it altogether. It’s a bit like getting run over by a bus. The only way to prevent getting run over by a bus is to stay indoors. You wouldn’t think it an “inconvenience” to look both ways before you cross a road – you just do it and, thereby, reduce the risk to an acceptable level. As far as I am concerned, the same applies to the basic, sensible steps we can take to remain reasonably safe on the internet. Signing out of websites is one of those steps.
Other pieces of advice that fall into the category of online security that I’ve mentioned before include –
If you can’t find a text link that says “log out” or “sign out” or something similar, then look for an icon that is similar to the examples in this post.