22 January 2018
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com

741Posts 2,064,803Views 62Comments

Log Out, Log Out, I repeat, LOG OUT

02 October 2010  |  2210 views  |  0

One of the most common yet underreported causes of data breaches is users’ failure to properly log out of public PCs.

Is your work computer accessible to others, perhaps after business hours? How about your home computer? Does its use extend beyond your immediate family, to your kids’ friends or babysitters, for example? Do you ever log in to a hotel’s business center PC, or take advantage of free Internet at a bank of sponsored PCs at a conference? Or pay per minute at an Internet café? Maybe you’re you a college student; do you use the PCs in the computer lab, or friends’ PCs?

Any shared PC is at an increased risk for spyware, viruses, and other malicious activities of a criminal hacker, the PCs administrator, or just the dude that happened to use the computer before you. But many people increase their vulnerability simply by failing to log out.

A few months ago, my sister-in-law used my family’s PC, logging in to her Facebook account. After she left, I checked Facebook myself, and quickly realized I was still logged in to her account. To teach her a lesson, I changed her profile picture to something she didn’t appreciate. (Being my sister-in-law, she forgave me.)

This past weekend at a conference, a colleague borrowed my laptop to check his email. Four days later, after having turned the laptop on and off a half dozen times, I attempted to check my own email and found myself still logged in to his Gmail account. In this instance, I quickly logged out, since Gmail notifies users when their accounts are open at multiple IP addresses, and I wasn’t about to hack a colleague.

Web-based email services, social networking sites, and other websites that require login credentials generally provide an option to “Remember me,” “Keep me logged in,” or, “Save password,” and will do so indefinitely. This feature often works with cookies, or codes stored in temp files. Some operating systems also include an “auto-complete” feature, which remembers usernames and passwords.

I’m not entirely sure if my colleague left Gmail’s “Stay signed in” box checked, if Gmail left a cookie on my laptop, or if my operating system remembered him. Either way, he was hackable.

Protect yourself.

I may log in to a PC that is not mine once or twice a year. And when I do, I make sure I log out of any program I logged in to. On the rare occasion that I use someone else’s computer to log in to an account containing sensitive data, I make an effort to change the password. Generally, though, I lug around my own laptop wherever I go, and I use an iPhone.

Never check a “Remember me” box, and if it’s selected by default, remember to uncheck it.

If you get an auto-complete pop-up while logging in, read it carefully and be sure to click the “no” option.

Some PC administrators install password managers that prompt the user to save login credentials. If you are on someone else’s PC and get this kind of pop-up, read it carefully before just clicking buttons to dismiss the pop-up.

Most importantly, PLEASE, for heaven’s sake, LOG OUT. Do I need to repeat myself?

Robert Siciliano, personal security expert contributor 

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Robert

Top 10 Tips for Securing Your Mobile Devices and Sensitive Client Data

11 January 2018  |  3006 views  |  0 comments | recomends Recommends 0 TagsSecurity

Your Social Security Card Gets Stolen: Now What?

04 January 2018  |  3569 views  |  0 comments | recomends Recommends 0 TagsSecurity

What Was Scary About Blackhat 2017?

02 August 2017  |  6409 views  |  0 comments | recomends Recommends 0 TagsSecurity

Black Hat 2017 was an Amazing Event

29 July 2017  |  6911 views  |  0 comments | recomends Recommends 0 TagsSecurity

Blackhat Hackers Love Office Printers

28 July 2017  |  5543 views  |  0 comments | recomends Recommends 0 TagsSecurity

Robert's profile

job title Security Analyst
location Boston
member since 2010
Summary profile See full profile »
Security analyst, published author, television news correspondent. Deliver presentations throughout the United States, Canada and internationally on identity theft protection and personal security....

Robert's expertise

Member since 2009
739 posts62 comments

Who's commenting on Robert's posts

Ketharaman Swaminathan