|
|
Post by BATouttaheck on Apr 3, 2020 23:03:28 GMT
Does it make any difference, security wise, to log-off between sessions, here or elsewhere ?
Am using one PC at one location with no other potentially snooping computers in the vicinity.
|
|
|
|
Post by Admin on Apr 3, 2020 23:07:45 GMT
Technically, you are automatically signed out after 15 minutes of inactivity.
|
|
|
|
Post by BATouttaheck on Apr 3, 2020 23:14:16 GMT
So
That's a "yes, it's safe to stay logged-in between visits here. No need to log off and back on. " ?
|
|
|
|
Post by Admin on Apr 3, 2020 23:16:25 GMT
So That's a "yes, it's safe to stay logged-in between visits here. No need to log off and back on. " ? No, it's more of a "always off when using a device that can be accessed by others," especially if your logon credentials are stored on it.
|
|
|
|
Post by Catman on Apr 3, 2020 23:18:58 GMT
Most of those rules about signing off and closing your browser are intended for folks using public computers, such as one might find in a public library or university computer lab.
And if you make a habit of visiting dangerous websites, it really wouldn't make any difference what you do.
|
|
|
|
Post by BATouttaheck on Apr 3, 2020 23:24:43 GMT
This is a devise not accessible by others.
I turn it totally off (or let it nap short term ) when it is not actively in use.
|
|
|
|
Post by BATouttaheck on Apr 3, 2020 23:30:45 GMT
Most of those rules about signing off and closing your browser are intended for folks using public computers, such as one might find in a public library or university computer lab. And if you make a habit of visiting dangerous websites, it really wouldn't make any difference what you do. That's the way I understood it to be β¦. the question came up in conversation and made me wonder if I had been doing it wrong. Have been getting those "you need to update the Virus scan program you don't even own" and "Your Window 10 is about to self destruct .. call us !" things and it was suggested that not signing off might somehow be the reason. Occasionally get sent to a "dangerous website" but have stopped clicking newsylinks here unless the poster is known to be trusted. 
|
|
|
|
Post by Admin on Apr 3, 2020 23:34:57 GMT
This is a devise not accessible by others. I turn it totally off (or let it nap short term ) when it is not actively in use. I never actually log off, either. I use a PC and a couple of mobile devices, to which nobody but me has access. That little box when you sign in that says something like "remember me" or "stay logged in" seems somehow relevant...
|
|
|
|
Post by BATouttaheck on Apr 3, 2020 23:40:56 GMT
Yep .. that's the way I have it set up. I just click on the favorites tab and that's it. It's one of those situations where someone asks or suggests something that sounds plausible and makes you wonder if you have been doing something wrong β¦ Thanks again for the techy help Admin and Catmanthe checks will be in the mail !  |
|
|
|
Post by mslo79 on Apr 3, 2020 23:48:18 GMT
If someone you don't trust has physical access to your computer then naturally sign out of your account. but for non-higher risk stuff, like this IMDB2 account, I would probably just stay logged in for convenience sake. but if your worried about someone messing with say your Amazon account and the like, I would just sign out of those after use.
but if your concerned about general security online...
-Use a password manager (I would not ignore this one!)...
it's unwise not to use one of these. because many people seem to use the same crappy password for multiple accounts so if one of your accounts got compromised, then it might not take much effort for a shady person to potentially compromise others. but with a password manager all you have to do is remember one password (the master password to the programs password database it creates) and it gives you access to all websites you store in it's database which will generate random/long secure password for each website you use. this way if one of your sites happen to be compromised the rest would still remain secure. IMPORTANT: if you do opt for using a password manager, which you should, make SURE to make a backup copy of the password managers database file so this way if your computer dies out of no where, you will still have a way to restore the password managers database file. because losing this will be a pain in the butt. so don't lose it.
-Yubikey (you need two of these which is $40 MAX (like $40 tops for two keys) on their official website)...
with one of these on your Gmail account, you can't be Phished. in other words... even if someone got a hold of your login credentials (i.e. username/password) they still can't get access to your Gmail email account. NOTE: think about this... if someone shady got access to ones email they could potentially use it to reset password to all sites you got access to which could pose a big problem. the technology behind Yubikey is the most secure form of two-factor authentication available as using ones smart phone is better than nothing but it's not fool proof where as with Yubikey it's never been bypassed and it's been around for many years now. they are made in USA/Sweden and seem to be built to last. it's easy to use as you simply login to your Gmail account like usual, with username/password but when you try to sign-in with that info it will ask you to insert the Yubikey and you simply tap your finger on the Yubikey and it will sign you in. it's nice and simple to use. only potential negative with the basic Yubikey is, since it requires a computer with a standard USB port to work, you won't be able to login on a smart phone etc. Yubikey works on Chrome/Firefox browsers (it might work on others but I know it works on those two for sure).
NOTE: the reason you need two keys and not just one... while one will technically work, if you happen to lose that single key it's probably going to be difficult to get back into your Gmail account. but with two, you use one and store the other in a secure location. so this way if you happen to lose the primary key, you can use the backup key to get access to your Gmail account and remove the lost key and then you can simply buy another key and register that to the account and then you will have two keys setup once again with one key stored in a secure location while the other you use in general.
-Use a quality ad/popup blocker...
I suggest uBlock Origin by Raymond Hill. the internet would suck without it pretty much.
-Be cautious of clicking on random stuff in emails. like for example... if you get a email that looks legit saying you need to sign into your bank account to update some info. instead of clicking the link there, ALWAYS manually login to your bank by entering the website in your browser and check from there. or another thing I have heard which plays inline with this... if you did not go searching for it and something is asking for some sensitive info, just assume it's a scam.
-If you got a old computer, if you want even extra security, install Linux (I suggest Linux Mint(it's free)) to it as it will give you a secure machine for doing more sensitive stuff online. just using Linux online gives one a security boost because many threats are Windows specific and won't effect you on Linux.
p.s. it would probably not even be a bad idea NOT to save any credit card info to your accounts as this way if someone happened to get access to your account they can't do all that much and can't do anything funny with your saved credit card info. using Paypal is usually a good idea and gets rid of this potential issue and many places use Paypal. but in general using Paypal online to pay for stuff is more secure than using a credit card directly especially with 'Magecart' crap online effecting some sites as just by going to a compromised website and ordering something they can steal your credit card info but if your using Paypal they can't do it.
|
|
