Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Online Security, Identity Theft, etc.?

Dec 12, 2004 11:27PM PST

Is it important to Log Off a website when finished? For example, I sometimes forget to click "log off," after doing my on-line banking. Does it really make any difference at all? But, I guess that "log off" button is there for some kind of reason. Sometimes when I forget to log off, I will log on again just so I can officially log off. This must be silly, but I feel more secure afterwards. What's the purpose of logging off? For example, is it important to log off after using this Cnet website? I'll be interested to hear from some Log in/log off experts. Am I the only one that's curious about this? I'm embarrassed to ask. But this is a super-informative forum, so I guess this is the place to ask a dumb question. Thanks ahead of time. I guess I'll, uh, log OFF now -- but why?

Discussion is locked

- Collapse -
Re: Online Security, Identity Theft, etc.?
Dec 12, 2004 11:48PM PST

This is just what I do myself. Whether it is the correct way or not, I don't know but I've been doing it for years with no problems. If I'm at a bank, PayPal, or any other site that has my personal information on it I ALWAYS log off/out. If I am at a site such as CNET, my MSN group, or any other website that does NOT have my personal information on it, I NEVER log off/out.

- Collapse -
Re: Online Security, Identity Theft, etc.?
Dec 13, 2004 2:51AM PST

Wanna,

The "log off" issue pertains to the information that is stored by your web browser's "cache". Information about the "log on" data is stored in cookies and other files in the "Temporary Internet Files" folder (other locations as well) and will remain there until you change the "cache" information. The normal logic is to "log off" secure sites such as banking and online purchases, then close the browser session so that the data isn't easily retrieved from the browser's cache.

Here's just one link about the subject:

RBC Financial Group Safe Computing Practices

At the same time, because those cookies "remember" log in data, if you choose to stay "logged in" at sites such as CNET, the next time you visit, the information will be remmembered and you can log in easier.

With the information, it becomes your choice on which to do.

Hope this helps.

Grif

- Collapse -
Re: Online Security, Identity Theft, etc.?
Dec 13, 2004 10:12PM PST

Logging off is entirely on your shoulders. Thus, to make you feel better and safer, do so. This is the best answer to give since its on your side of fence don't expect anyone else or enity to safeguard what you consider important.

Websites do after some time period, log off or deactivate such to reduce security risks but the website follows its own security efforts and usually that's one of them its usually isn't immediate. I certainly would log off on any monentary site or high risk website like a purchasing one with credit card, plus look for the "padlock" symbol or any suggestion that it is a secure website for such transactions. I hope this helps...

good luck -----Willy Happy

- Collapse -
Logout
Dec 16, 2004 5:07PM PST

I try to remember the KISS formula. (Keep it Simple Stupid). Works for me anyway. But more to the subject - What would a prudent person do? I think log out is the obvious answer. The worst that can happen is you have to log in.

- Collapse -
Re: On-line Security, Identity Theft, etc.?
Dec 14, 2004 12:10AM PST

In addition to the above good advice you may want to keep your "cookie" file cleaned out. I use 12Ghosts Wash http://www.12ghosts.com/ghosts/wash.htm (It's free).
You can select the cookies you wish to keep, like CNET, and it will delete, on demand, all of the others.
There are other cookie cleaners but this one works for me.
By the way, I learned of 12Ghosts Wash right here on this forum.

DC

- Collapse -
On-line Security, Identity Theft, etc.?
Dec 14, 2004 6:06PM PST

I would recommend cleaning out your cache immediately after leaving a site where you've given important information. I make online payments and view credit card statements with passwords and always clean the cache right after exiting. Also use a good software firewall (I like Sygate free) or a router especially if online with Cable or DSL.

To Clear Cache in Firefox: Tools, Options, Privacy, Cache, Clear.

To Clear Cache in Internet Explorer: http://tinyurl.com/2ucfh

- Collapse -
Piggybacking
Dec 17, 2004 4:34AM PST

Here is the real reason you want to log off.
When you "log on" to a website, you are creating a "session" with that server. As long as that session remains active, anyone with your credentials (this means cookies, IP or MAC address) would be able to access that session. When you Log Off of a site, that session is destroyed and all access associated with that session is deleted.
To get a little more granular, let's say that a "baddie" is capturing traffic at the website "Bobs bank". You log into Bobs bank and access your accunt. Bobs server will send you a cookie and then open a session on the webserver by creating a special variable based on some kind of unique configuration (IP address, MAC address, the current date and time...whatever) This session will only work with your cookie. This combination is unique to your particular connection with the webserver.
Now, that "baddie" who was sniffing Bobs bank traffic has ALSO! captured the cookie information that Bobs bank web server sent. Now, you do your stuff, and just turn off your machine without logging off and now the "baddie" can access your still active session!
Of course it's far more complicated than this, but I've simplified it somewhat for shock value.
Identity theft is the number one crime in the United States...and it's bigger than anyone knows because most of the time it goes un-noticed or the victim just doesn't report it. I myself and my wife both were hit with identity theft, and I am extremly paranoid in maintaining security (like, get a cross-cut shredder than a regular shredder)
If you're diligent, then you can minimize your exposure...
Be Safe!
Ed
web/gadget guru

- Collapse -
log off or not...?
Dec 17, 2004 7:51AM PST

tek-ed listed one main reason for logging off. The other main reason is: If you do not have exclusive access to your computer. If you are at a friends house and check your bank or buy something online, and leave, he can return to the website and buy something else with your same information! This also applies to school/work computers that anyone else may use. Even without malicious intent, if they happen to return to the website, it will automatically think it's you and auto fill in all your information.

Hope this helps.
Aaron

- Collapse -
log off or not...?
Dec 17, 2004 2:30PM PST

I have been instructed to also close my browser after I log off. Is this necessary?

- Collapse -
close my browser after log off
Dec 18, 2004 5:37AM PST

It is not necessary to close the browser unless other people have access to the physical computer, eg at a library. Basically, what it accomplishes is to clear the browser cache, which may still contain enough info for someone else to re-open your secure session.

Another commentor has posted a URL detailing how to clear the cache without closing the browser, which is a bit more work unless there is a complicated procedure (eg multiple passwords) to re-open it and manually clearing is easier.

- Collapse -
close my browser after log off
Dec 20, 2004 1:50PM PST

I've used this small free program for a couple years to clean the IE cache easily, its been updated recently to work with Firefox also.
http://www.xs4all.nl/~mp2004/

- Collapse -
Yes, some times it is.
Dec 20, 2004 5:51PM PST

I said some times it is, because some sites stores cookies with your info on them when you log on, for example: Hotmail stores a cookie in your computer if you have choosen "remember my identity" or some thing like that, if your computer has not been booted, anyone who has access to your machine can copy that cookie to a floppy and download it to another computer, gaining access to your hotmail account without having to type your name or password, Bad isn't it?.

Imagine what can happen if a bank does something like hotmail do with cookies, i'm not saying that bank technitians are stupid, Ups... sorry Hotmail, banks cares about security, but remember, nothing is perfect, so better log out every time you log on.

- Collapse -
logoff
Jan 22, 2005 12:58PM PST

I do forget to log off yahoo all the time and when I go back to do the logoff I find that closing the brouser window does it for me (logging off that is). just tried it on this forum and had to log on to post this message so I assume closing the window is like an auto logoff by default unless/until someone with more knowledge or expertise can say otherwise?

- Collapse -
LOGGING OFF
Sep 3, 2006 3:00AM PDT

i would like to know the answer to that as well. I do a lot of online banking and sometimes i just click to a new site. I have had strange mail delivered to my house as well, like fraudulent medical claims to fictitious characters. did sign up for an id theft shield though and that gave me a lot of peace of mind.

- Collapse -
Logging Off
Mar 19, 2009 7:27AM PDT

Yeah, its very important to logoff after each session. At work we have a break room with a few shared computers. I always make sure to logoff and also I clear my cookies after finishing up with the computer.

<a href="http://www.premiumsafeidentity.com/">How do you prevent identity theft?</a>

- Collapse -
Here's what I do:
Mar 21, 2009 7:27PM PDT

Whenever I'm on a site containing sensitive data (banking, shopping, etc.) and am done, I log out of the site, close my web browser and then run the freeware CCleaner, available at http://www.ccleaner.com/ to delete my surfing traces.

No less than weekly, I run a program to securely erase all deleted data and make it unrecoverable. I use the paid East-Tec Eraser, but the freeware Eraser, available at http://www.heidi.ie/node/6 works almost as well and should be sufficient for most people's purposes. NOTE: Secure erasing of files and free space takes a long time. It's something that I do when the PC is unused, namely overnight. I also disconnect the PC from the Web during all this.

Hope this helps,

Paul