UNH CIS Signals

IT Security: Don't Leave the Barn Door Open

Petr Brym

May 1, 2008

Knock Knock.
Who’s there?

City Police.
What do you want?

We need to speak with you about a recent incident that involved your car.
My car? I wasn’t involved in any incident! Are you sure? My car could not have been involved; it is parked in my barn.


We have pictures and witnesses to show that your car was involved.
Can you prove that it was not involved?

Could something like this happen to you, involving not your car but your E-mail, banking, or other computer accounts? It is more common than you might think. When using a public computer, if you walk away without ensuring that you have successfully logged out of all of your sessions, you are essentially “leaving the barn door open” for the next person who uses that computer. He or she can easily use your active sessions, for example, a web site you left open, and it will look as though you were the one using the computer. That person can send E-mail messages you would not want to have associated with your name; he or she could make purchases using your name and/or money; he or she could modify information about you in ways that might cause problems. Worse, you may never know this happened, or you may find out only after all the damage is done. This is bad for many reasons, not least that at UNH you are responsible for protecting your accounts and how they are used. One of your most basic responsibilities as a user of information resources at UNH is to ensure that other people do not use your accounts.

Knowing that you should log out of all of your sessions before leaving a public computer is only half of the answer. Understanding what it means is just as important. Below are several tips to help you ensure that you have successfully logged out.


• Know the service and application program you are using, and know the correct way to log out. Most web-based applications have some form of “logout” button. It is important that you click this button and look for a confirmation that your account was logged out.

• After you log out, “exit”, “quit” or “close” the application program as an additional level of protection.

• Make sure that you know whether you have more than one application, session, or browser window open. If you do, log out and exit from all of them.

• Depending on the computer you use and the local policy of the public computer cluster, you may also be able to log out of the operating system, reboot the computer, or shut down the computer. Check the instructions in the public computer cluster that you use to see whether rebooting or shutting down is permitted or recommended.

• One way you can test whether you successfully ended your sessions is to start up the application after you have logged out and exited it, and see if the application will access your account without you providing your password. If it does, you have not successfully logged out.

Petr Brym is the CIS Information Technology Security Officer and a regular contributing author to Signals. For additional information on Safe Computing @ UNH, please E-mail Petr.Brym@unh.edu.