One of the most common yet underreported causes of data breaches is usersâ€™ failure to properly log out of public PCs.
Is your work computer accessible to others, perhaps after business hours? How about your home computer? Does its use extend beyond your immediate family, to your kidsâ€™ friends or babysitters, for example? Do you ever log in to a hotelâ€™s business center PC, or take advantage of free Internet at a bank of sponsored PCs at a conference? Or pay per minute at an Internet cafÃ©? Maybe youâ€™re you a college student; do you use the PCs in the computer lab, or friendsâ€™ PCs?
Any shared PC is at an increased risk for spyware, viruses, and other malicious activities of a criminal hacker, the PCs administrator, or just the dude that happened to use the computer before you. But many people increase their vulnerability simply by failing to log out.
A few months ago, my sister-in-law used my familyâ€™s PC, logging in to her Facebook account. After she left, I checked Facebook myself, and quickly realized I was still logged in to her account. To teach her a lesson, I changed her profile picture to something she didnâ€™t appreciate. (Being my sister-in-law, she forgave me.)
This past weekend at a conference, a colleague borrowed my laptop to check his email. Four days later, after having turned the laptop on and off a half dozen times, I attempted to check my own email and found myself still logged in to his Gmail account. In this instance, I quickly logged out, since Gmail notifies users when their accounts are open at multiple IP addresses, and I wasnâ€™t about to hack a colleague.
Web-based email services, social networking sites, and other websites that require login credentials generally provide an option to â€œRemember me,â€ â€œKeep me logged in,â€ or, â€œSave password,â€ and will do so indefinitely. This feature often works with cookies, or codes stored in temp files. Some operating systems also include an â€œauto-completeâ€ feature, which remembers usernames and passwords.
Iâ€™m not entirely sure if my colleague left Gmailâ€™s â€œStay signed inâ€ box checked, if Gmail left a cookie on my laptop, or if my operating system remembered him. Either way, he was hackable.
I may log in to a PC that is not mine once or twice a year. And when I do, I make sure I log out of any program I logged in to. On the rare occasion that I use someone elseâ€™s computer to log in to an account containing sensitive data, I make an effort to change the password. Generally, though, I lug around my own laptop wherever I go, and I use an iPhone.
Never check a â€œRemember meâ€ box, and if itâ€™s selected by default, remember to uncheck it.
If you get an auto-complete pop-up while logging in, read it carefully and be sure to click the â€œnoâ€ option.
Some PC administrators install password managers that prompt the user to save login credentials. If you are on someone elseâ€™s PC and get this kind of pop-up, read it carefully before just clicking buttons to dismiss the pop-up.
Most importantly, PLEASE, for heavenâ€™s sake, LOG OUT. Do I need to repeat myself?