Website Access

Active or continued website access sessions from public computers present huge security issues and most people are unaware of the risks. When I tried to login to my LinkedIn account today from a public computer, I noticed that another account was already in active session and I could have easily changed any information or setting on that account. I could not tell when the person used the computer to access her LinkedIn account but the longer the signed-in session remained open and active, she exponentially exposed herself to increased unauthorized access and modification risks.

Some web accounts and browsers allow a user to be remembered each time they want to access their account. This option is usually provided to bypass the sign in process which requires an ID or email address and a password to facilitate a quick sign in, however, the option includes additional security risks as I mentioned.

In the case of LinkedIn, when you sign out of your website access session, you still haven’t completely signed out. The next time you visit the site, the browser will remember who you are and you can still view your home page. However, to view or change your private information, you’ll need to sign back in. For a complete sign out process, you need to sign out completely. You might say the risk is minimal and I agree, however, there is still more security risks than if you had completely signed out and closed the browser.

When I signed out of my account but stopped short of completely signing out, I was still able to view more personal information that I would normally be allowed to with a complete signed out account. For example, I was able to see all group discussions and members. Normally, LinkedIn users don’t have access to such information unless they’ve applied for group membership and have been approved by the group owner.

I personally don’t like this two step process for signing out of an account. I think it’s more work for users and kind of misleading making users believe that their personal information is private when in fact it is not. With social networking sites, we share a lot of personal information with millions of people, and although we have some control over what and with whom we share our information, there are still a lot of website access security issues that we need to be concerned about such as the privacy of our information and unauthorized modification of our information and account settings. In the case of LinkedIn, the first sign out of the two step process prevents unauthorized modifications but doesn’t prevent privacy disclosures as personal information continues to be visible.

When using public computers for website access, always make sure that the public computer used for accessing websites is not remembered the next time the same computer is used to access the same site, and completely sign out of the account for maximum security and privacy.

Update: In the case of LinkedIn, the two step process for signing out was eliminated in October 2008. Users need to only sign out once in order to completely exit the LinkedIn site.

Return to home page from "website access".