Vassar Technology Today | Closing your web browser can prevent keystroke logging

Mathew Leung Managing Editor

Public computer clusters are popular on college campuses. A common question that arises among users is: after accessing password-protected sites on a public computer, is it possible for someone to access your account if you close the browser window but forget to log out?

Ideally, this wouldn’t happen, as highly secured sites, such as on-line banking and Vassar’s webmail (webmail.vassar.edu), are designed to terminate a secured connection once the browser window is closed. However, other sites, like Facebook (facebook.com) and Blackboard (blackboard.vassar.edu), maintain a secure connection until the user hits the logout button, making it possible for others to access your account.

On the other hand, for applications such as AskBanner (secure.vassar.edu), the only way to close the secured information after logging in with your password is to close the browser window. For example, let’s say you decide to look at your transcript on AskBanner or your student bill on BannerOnline, and then check your e-mail. You remember to log out of your e-mail, but leave the browser open on the public computer. Someone hitting the “back” button a few times would see your transcript or bill. In fact, as long the web browser is open, any secured connections established will remain active.

Hence, closing your browser window could be as important as logging out. If you forget to do either, however, changing your password often invalidates the secured connection established with the old password.

Sometimes simply typing in your password can put you at risk. Keystroke logging programs (programs that log the password you type and send it to a criminal) are popular and can easily slip into a computer via e-mail attachments, freeware programs, or file download from peer-to-peer (P2P) networks. When using a public computer, the risk increases if you are unaware of previous activities on the computer that might make it vulnerable.

However, this does not mean that you are hopelessly at risk of giving your password away when in need of private information on public computers. One solution is to simply alternate between using the mouse and keyboard to enter a password. You can copy onto the clipboard one or more letters that are part of your password, and then right click (control-click on a Mac) and choose paste as you are typing in your password to fill in some characters without typing. Contents of the clipboard are cleared during logoff, restart, or when replaced with new information.

It is likely that keystroke-logging programs will overcome this measure in the future, as on-screen keyboards were once thought to be a solution to keystroke-logging programs. For your own computer, one way to clear such programs is to use a spyware removal program such as SpyBot Search and Destroy (a free application, spybot.info). Nevertheless, the only foolproof solution is to frequently change your password.