|
|
By Steve VanDevender ( stevev@darkwing.uoregon.edu)
Some software--e.g., email services like Hotmail, Eudora, and Microsoft Outlook, an FTP client, or modem dialup software--offers you the choice of storing your GLADSTONE, DARKWING, or OREGON password to streamline access to your account.
While the convenience may be tempting, you should avoid doing this unless you can ensure that you have exclusive access to that computer system. Whether you're working on a public computer or your own desktop computer at home, you are still vulnerable.
For example, if you set up Hotmail to retrieve mail from your GLADSTONE, DARKWING, or OREGON account and store your account password in your Hotmail profile, you're running a significant risk of password theft. Hotmail has had a series of well-publicized security problems involving theft of Hotmail account profiles, and since millions of people use Hotmail it is a tempting and profitable target for attacks. We've already seen a case in which a UO student's GLADSTONE account was accessed without her knowledge or permission, apparently because someone obtained her password from her Hotmail profile.
Recording your account password on a public lab computer may expose it to other people who use the same computer later. If you share your computer with roommates or keep your computer where visitors can easily access it, you may also run the risk of having someone discover one of your stored passwords.
We strongly recommend that you safeguard your personal computer with some kind of password protection. Require a password for deactivating a screensaver or for booting and accessing your computer, and don't otherwise expose your computer to random use.
Many people wonder why they should take steps to protect their exclusive access to their GLADSTONE, DARKWING, or OREGON accounts, saying "I don't keep anything important there, so I'm not worried about anyone else being able to get at my files." In the majority of cases investigated by our system administrators, intruders don't want access to your account to look at what you have in it. Instead, they use stolen accounts to mount security attacks against university systems and others on the Internet, or to illegally exchange copyrighted software with others--often without your knowledge and without obviously interfering with your normal use of your account.
Should you be the unwitting victim of one of these attacks, you could temporarily lose access to your account while the situation is being resolved. So take the time to protect your account password; this one small step can go a long way toward preventing major headaches later on.