Sign Out!

I’ve written a lot of articles for this blog where I pontificate about why you need a password, why password strength is important, how you should protect your passwords, what the alternatives to passwords are, and computer security in general.  Let’s say you have followed all my advice.  You formulate your passwords using a proven method.  You don’t use your passwords for multiple sites and purposes.  You change your passwords often.  From a security standpoint, you are in pretty solid shape . . . or are you?

Many of us still find ourselves in situations where we are using community devices to complete our daily computing activities.  You could be on a business trip and you make use of the business center in the hotel.  You may be a student and you use one of the many public workstations available in the library.  The reasons why you can’t use your personal device range from cost to convenience to access issues, but the bottom line is you need to use a computer that is meant to be used by many.

The device may be a bit foreign, but let’s face it . . you are just accessing a web browser.  Let’s take a closer look at your everyday activities which require a user ID and password to access.  If you are using a web-based email program like Gmail, then you must login.  If you are a social media aficionado, most sites like Facebook and Twitter require a login.  Most of you will have likely opened several tabs within the browser window so you can monitor email, Facebook, Twitter, and any other messaging sites.  You do what you need to do at the community computer.  Now what?

If you are at home and you are finished using your own computer, you likely stand up and walk away.  If you do that when using the computer in the business center or the library, the consequences could be dire.  You need to make a conscious decision to sign out of each of the sites you have logged into before leaving the computer.  Closing the tabs or even the browser will not always clear the session.  That means the next person walking up to your computer in the business center or the library could have access to any sites you did not log out of.  Facebook and Twitter posts could be made and attributed to you.  Emails could be sent to your contacts or others unknown to you as if you had sent them.  Open chat sessions could take a strange turn of events as your tone of voice may seem different to your chatting partner when it is no longer you.  All of this can happen even if you have the strongest passwords in the world.  The strength of the password is irrelevant if the thief never has to use it.

When traveling and in a situation where I have to use a community computer, I make a habit of ending my work by deleting the web cache and signing out of each of the sites I had logged into.  In this way, there is no trace of my time on the computer and nobody using the computer after me will have access to my personal information.  One more thing to remember . . I do make a habit of checking the ‘remember me on this computer’ box at home, but it goes without saying that this is a terrible idea when I am using a community device.  Be vigilant and your identity will be safe.

The Death of CAPTCHA

I just read an article proclaiming that CAPTCHA might be on its last legs.    The acronym is short for ‘Completely Automated Public Turing test to tell Computers and Humans Apart.’  The purpose of CAPTCHA is to prevent automated computer ‘bots’ from performing actions on the internet that are intended for people to do.  These actions include making purchases and providing personal information.  The CAPTCHA is a picture of jumbled letters and numbers that the user is asked to reproduce.

I have made light of the CAPTCHA in previous posts and it appears I am not the only one.  Failure rates are high when end users are asked to retype the letter jumble and that leads to frustration, wasted time, and ultimately, lost sales.  Neither the vendor nor the shopper are happy.  Sure the CAPTCHA has prevented non-humans from invading the internet, but it appears it has also prevented a lot or humans from making purchases as well.

The solution proposed is about the last one I would have thought of, but it is strangely simple and effective.  Some companies are starting to run banner ads within their sites featuring complimentary products from other companies.  During the user verification process, they ask the customer to type in the name of the company featured in the banner ad.  As with the CAPTCHA, this ad is always changing so it insures that a human must verify the ad in place.

This new method of verification is great for the vendor.  They know they are dealing with a human being.  They know their customers won’t have to struggle with the squiggly letters in the CAPTCHA.  On top of all that, they make a further profit through the advertising dollars they raise from providing the banner ad space.

Likewise, the new method of verification is great for the customer.  There is no further angst with guessing the CAPTCHA letters as they simply have to type in the company name featured in the banner ad.  If they are so inclined, they can save time by surfing to the complimentary products found in the banner ad.

A new and third party benefits as well.  As long as they don’t compete with the hosting company, banner ad participants have found a new and lucrative home for their product placements.  Revenue is available in a way it was never really available before.

And to think, this all started with complaints about CAPTCHA, the very process which was to prevent the problem!