A Consuming Experience

Blogging, internet, software, mobile, telecomms, gadgets, technology, media and digital rights from the perspective of a consumer / user, including reviews, rants and random thoughts. Aimed at intelligent non-geeks, who are all too often unnecessarily disenfranchised by excessive use of tech jargon, this blog aims to be informative and practical without being patronising. With guides, tutorials, tips - and the occasional ever so slightly naughty observation.

Add this blog to Del.icio.us, Digg or Furl | Create Watchlist for this blog

Add this blog to my Technorati Favorites!

Google security: an easy way Google can help, why don't they?

Monday, October 09, 2006
Deutsch | Español | Français | Italiano | Português | 日本語 | 한국어 | 汉语

Add this post to Del.icio.us, Digg or Furl | Create Watchlist

Google reiterated recently that they take security "very seriously" (ironically, just a couple of days before they reported that someone had exploited a Blogger bug to make a fake post on Google's official blog!).

They've even got a new page dedicated to security now, and will take security-related comments/feedback at security@google.com.

So, I ask, why don't they fix one simple thing to do with Google services that's been bugging me for a while now?

Whenever you login to a Google service, the "Remember me on this computer" box on the log in page is automatically TICKED by default. Just a couple of examples (Reader and Page Creator), you get the drift...:

The only exception seems to be Gmail - I've UNticked that "Remember me on this computer" box when logging into Gmail, and it seems to stay unticked after that (for the account I unticked it for, on every computer I've tried, so it seems to be related to the account rather than to cookies on that computer?). But for all Google services, I feel strongly that the box should not be ticked as standard, whether I choose to save cookies or not (and it won't surprise you that I clear out my cookies every session). Certainly, if you untick it it should stay unticked.

The reason is obvious. If a user forgets to untick that box before logging in, and forgets to logout of the service they were using, the next person who goes to (say) Gmail or other Google site using the same computer can read the previous person's mail, feed subscriptions etc, and even reply as them, with impunity. So much for security and privacy...

In these days of shared computers and the widespread use of public computers in libraries, internet cafes and the like, I personally think that it's irresponsible of any Web service provider to code their login page so that the "Remember me" box is checked in advance.

Changing the default position and UNchecking that box is such an easy and simple thing to do and I firmly believe would immeasurably help improve security and privacy no end. So why don't Google? Pretty please? (Though in general I'm a huge Google fan, as any reader of my blog will know.)

(Another thing that bugs me is how Skype tries to start up automatically with your computer AND login the first user automatically; and even if you try to disable those options, each time you manually start Skype they're ticked by default again, so you have to remember to UNcheck those boxes before logging in or you're stuck with it until you disable it manually. Again, with shared computers and public computers I think it's downright dangerous and stupid to do that, and taking control away from users, which is a big bugbear of mine, is also a usability no no - and in this case surely bad for security as well as PR for Skype, in terms of irritating its users.)

Links to this post on:

  • Icerocket -
  • Blogpulse
  • Bloglines
  • Delicious
  • Google Blog Search -

Create link here by posting on Blogger

4 Comment(s):

Hey great point. This is one of those "duh" things that Google should really consider doing.

(By Taylor, at Monday, October 09, 2006 5:43:00 PM)  Edit Comment

That checkbox only causes your username to be remembered. That is, if you log out of Google Reader and then visit the Reader page again, your username will be filled in automatically. Your password will not be remembered unless you tell your browser to do so.

(By Anonymous, at Monday, October 09, 2006 6:41:00 PM)  Edit Comment

I would have to say that that above comment Pwns the original poster. It was a vaild question, i use Gmail and did notice that the password is not saved by the check box.

(By Anonymous, at Wednesday, October 11, 2006 2:23:00 AM)  Edit Comment

Glad you agree Taylor!

Point taken, thank you Anons, but I still don't want even my username to be remembered (as people can search for it on Google and I may not want others to associate me with that username!). I use different names for different aspects of my life for privacy and security reaons.

(By Improbulus, at Monday, December 11, 2006 8:49:00 PM)  Edit Comment

Post a Comment | | Subscribe to all comments on all posts

| Previous Post »
| Previous Post »
| Previous Post »
| Previous Post »
| Previous Post »
| Previous Post »
| Previous Post »
| Previous Post »
| Previous Post »