Internet Safety on Public Computers

It is safe to say that I travel a great deal and am well acquainted with amenities that make getting through airports easier. One of the things that I have come to rely on is the use of hotel computer for early airport check in.

I stayed at a three star hotel this week on the west coast. As I was checking in I noticed a user at the computer doing exactly what I was going to do next: check in for his next flight. The hotel computer was situated where I could even see the website which he was logged in on: Delta, the same one I was fixing to visit. I heard the printer and watched the user retrieve his boarding pass. What convenience. The travel-powers-that-be have actually done something helpful for us. There he goes; now it’s my turn.

Within five seconds I was at the Delta website and the first thing I noticed was the previous user – the guy who just left with his boarding pass in hand – had not logged out. Wow, it’s all right here staring me in the face: his name Roger – I’ll leave out the last name, his sky miles number 203… and the miles in his account with more than 628,000. Roger hasn’t got a clue that he’s left me, a total stranger, access to his flyer account. What did I do? I logged out of the airline website for Roger and signed out of the session.

But here’s is what could have happened:

With these miles a person could book a flight to Hawaii, stay on Waikiki, get a rent car, tour the island and go whale watching all on Roger. While still in his account they may even send flowers to Aunt Martha who is in the hospital recuperating from surgery. Don’t want a vacation? No problem, with just a few clicks they could stoke up on gift cards to your favorite restaurant, movie theatre or retail store. It’s all right there on you can find some way to spend the miles you have earned. Some vendors have no conversion fees, you just pay with miles and give them an address where to send the cards – or better yet go to the vendor’s website, download the gift card and print it. Either way in a few clicks of the mouse all of the miles Roger is saving to surprise his wife with a European vacation for their anniversary are gone.

Chances are good that Roger’s not going to even go to the airline website until he’s ready to check in for his next flight – which may be days, or weeks away. By then when he actually notices his flyer miles account is empty there is not much that can be done.

If you’re thinking: that can’t happen because when it comes time to present a credit card to pay for the junk fees the card won’t match Roger and the transaction won’t go through. Wrong. Believe it or not some airlines allow you to store your credit card information on their website for your convenience. If no credit card data is stored, the airlines only ask for: the credit card number, a billing address and the security code that match the card you have presented. From there the vacation is on Roger.

So why did this happen?

More than likely Roger just went up to the box in the top right corner of the window and clicked the X. This only closed the window – his personal session on remained active until it timed out. It takes approximately twelve minutes of inactivity for the average airline, banking or retail website to automatically log out due to inactivity. In the mean time, when was pulled up from the same computer before the automatic log out was activated Rogers session reappeared.

Still don’t get it?

It’s about internet security. Most people do not realize that when you log in to a website your personal session remains active until you log out or until the website times you out. If you X out of your session you are relying on the website to automatically time you out before a thief finds your unprotected, active session. That’s right, the thief does not have to be at the hotel using the same computer you were.

Roger did not log out, and he, like many of you, did not even consider that someone could come along before the website automatically times out your session and actively use your account. Thieves have computer programs that search cyberspace for unprotected active sessions on random websites; often times that is how internet accounts become compromised. Once they have stolen your active session it’s only a matter of time before they decode your password, enter your account at their leisure and wreak what ever kind of havoc they desire.

So what do you do, quit using the hotel computers?

Using the hotel computer is fine as long as you are smart about it. The most important thing to remember when you are using any public computer is to:
1.   Log out of your personal session from which ever website you are visiting;
2.   Sign Out from your session on the public computer; and
3.   Reverse the process to check and make certain your session is not still active.

Roger? You are welcome.

Lane Taylor