Melbourne and Amsterdam, 19 January 2011 — Failure to properly log out of shared PCs is one of the most common causes of security breaches.
Is your work or home computer accessible to others? Do you leave your PC on when you leave your desk? Do you leave Facebook or other social networking pages open on your PC when you’re not there? Can work colleagues or other people access your work PC? Can family members or visitors access your home computer?
Do you ever log in to public PCs? Maybe you sometimes use an Internet cafe, the business centre at a hotel or airport, the bank of shared PCs at a conference, or take advantage of free Internet access at a public library?
Maybe you’re still a student and use school PCs, or friends’ PCs, regularly?
Lloyd Borrett, Security Evangelist at AVG (AU/NZ), says “If any of these scenarios applies to you, then it’s vitally important that you make it an ingrained habit to log out. Oh, and wait for the confirmation that you are logged out.
“Any PC you share, or any shared PC you use, is at an increased risk for viruses, spyware, key loggers, worms, Trojans, rootkits or any other malicious software (malware).
“It’s possible that the shared PCs you use have fallen victim to cyber criminals, which means they could steal your passwords or even bank account details and other personal information. When using these PCs you’re also deciding to trust the administrator, or the last person to use the computer before you. And if you don’t log out, you’re going to need to trust the next person to use the PC as well.”
Home or Office PCs – Log In, Log Out
In an ideal world, you should always log out before you leave your desk. But, of course, most of us don’t live in that world. So what can you do to help protect your precious data?
- Set up a password-protected screensaver to activate after some period of inactivity, in case you forget to log out, so the PC will effectively do it for you. You will have to re-enter your log in credentials to unlock the screensaver and regain access to the PC, but that’s safer than leaving it accessible to anyone passing by.
- Always log off from any online email accounts or social media applications like Facebook and Twitter when you leave your PC. Otherwise it is possible for anyone to send spam messages or masquerade as you using your own accounts.
- Set up password protected user accounts, and make sure the user account you use most of the time doesn’t have administrator rights.
- Make sure your passwords are secure 8 or 12 character long ones (and don’t keep them on a Post-It note on your desk!
- But most importantly, log off religiously.
Shared PC Accounts – Log In, Log Out
Today many of us use a mountain of web-based ‘in the cloud’ services for email, chatting, social networking, community and support forums, online shopping and banking, online gaming etc. Most of these services require us to log in using a username and password as identification. However, many also provide a “Remember me” option, and we’re lazy enough to use them.
Typically this feature will use browser cookies to save your username and password so that you won’t need to remember them next time you log in. Of course some browsers also have their own “Save password” or “auto-complete” feature, which remembers usernames and passwords.
The problem is that the use of these features on shared PCs often makes us vulnerable. We are now putting our trust in the next person to use the PC.
“A few weeks ago a friend used my netbook PC to check his Gmail account,” recalled Borrett. “A short time later I went to check my Gmail account, but found that the PC was still logged in to his Gmail account. He was horrified when I showed him how I could now read his email and if I wanted to, send email pretending to be him.”
Protect Yourself — Always Log Out
When you log into PCs that are not your own, follow these five simple security tips:
- Make sure you log out of any user account, web service or program you are logged in to.
- Use the Windows logo key+L key to at least lock the PC you’re using if you have to move away from it.
- Don’t use someone else’s computer to log in to one of your web-based accounts which contains sensitive data and don’t do online banking or online shopping. Always use your own PC for these sensitive activities.
- When using a shared PC, you should never check a “Remember me” box. If it’s already selected by default, remember to uncheck it.
- If you get an auto-complete pop-up while logging in to any account on a shared PC, read it carefully and be sure to click the “No” option.
Some web services like Facebook also let you check to see if you’re logged into your account on a different computer and remotely log out if this is so. For Facebook, click on the “Account” tab in the upper right-hand corner of your profile page, click on “Account Settings” in the drop-down menu and view the new information about account activity under the “Account Security” area.
Borrett says, “It’s quite simple really, just log out of anything you log in to. Lock the PC if you’re not using it. And don’t use those seemingly helpful “Remember me”, “Save password” options on shared PCs.”
AVG (AU/NZ) has a comprehensive range of security tips on its web site at http://www.avg.com.au/resources/security-tips/. To see Lloyd talking about Log On, Log Off, see http://www.youtube.com/watch?v=WuUa_Wtp_9c. For more video tips from AVG (AU/NZ), see http://www.youtube.com/user/avgaunz.