bitwix

Tangential comments about Software Development

Monday, August 11, 2014

How not to design software, by yoo know whoo

Imagine an online company that provides two services.

You log in to one, say an email service.

When you access a second, say online document storage, you find you're already logged in. That's fine.

You do one of the accepted sign-out actions - close the browser or switch off the computer.

When you next load the browser, it turns out you're still logged in to the second service. But you were lucky to find this out, because the first service still asks you for a password.

This is how Google Gmail and Google Drive work. If you use both, then logging on to Gmail leaves that browser able to access your Google Drive account. Closing the browser or rebooting the computer has no effect. Next time someone loads Chrome, Google Drive is ready to be viewed by them.

I'd say this is a colossal design error. I still can't quite believe it. The way I use computers, in different companies' offices, means I load Google websites via a password. Sometimes I may not sign out. That means the next person to use Chrome will get my Google Drive for free.

It's simple for Google to fix. Just make Google Drive work like Gmail.

For now, I'm moving significant documents off Google Drive to a site that treats security in a way that works. And I'm getting in the habit of signing out within the browser.