- Bargaineering - http://www.bargaineering.com/articles -

Don’t Access Private Information from Public Computers

Our home recently lost Internet access because our Verizon FiOS cable modem/router died (after only a couple months!) and my wife sauntered over to the library next door to prepare her taxes while I was at class Monday night. As you can imagine, when she told me this, after she’d prepared her taxes, I got nervous that she had put all that sensitive information through one of the publicly accessible computers at the library. Fortunately I was wrong, she was merely using her own computer connected to their network and thus safe in this regard.

I segregate the world of “personal/private information” into sensitive and routine information. Sensitive information covers all financial and personally identifying information such as bank and brokerage accounts, business assets, and anything account that would cause considerably harm if compromised. Routine information covers everything else including email. Loss of a routine information account wouldn’t cause too much harm (I’d be furious though) and wouldn’t compromise sensitive accounts. This means that sensitive and routine accounts never share the same password, this is a crucial step.

Why do I do this? Publicly accessible computers, such as terminals at libraries and hotels, aren’t within your control and so you never know what’s been done to them. At worst, they have keyloggers installed, either software or hardware, that log your every keystroke. Those keystrokes can be replayed back at a later time for someone to gain access to your accounts.

Also, I can’t trust myself to clear the cache, cookies, and other information every single time (on Firefox, it’s easy, go to Tools -> Clear Private Data or hit CTRL-SHIFT-DEL). What if I’m lax and click “Remember Me?” and leave myself logged in? What if I tell Firefox to save the password out of habit? What if I simply don’t log out and the next person on gets access to my information? Security breaches aren’t always the cause of a malicious act, sometimes they’re caused by user error or mistake meeting an ethically-gray opportunist.

Chances of theft are low. I recognize that the chances of someone installing a keylogger on a hotel computer or the chances of me leaving myself logged in and the next person being an ethically-gray opportunist is slim, but I see it as not being worth it. 99.99% of the time, I won’t ever need to log into a brokerage or bank account at the hotel so why bother?