Avoid staying signed in on a public computer

Discussion:

Add Reply

Mr. Man-wai Chang

2025-01-25 12:24:51 UTC

Avoid staying signed in on a public computer
Your sign-in experience is changing
The web browser sign-in experience is changing when you sign in to any
product or service using your Microsoft account. Starting in February
2025, you will stay signed in automatically unless you sign out or use
private browsing.

Instead of saying "avoid satying signed in", why not "Always LOGOUT or
SIGN OUT"? Make it a die-hard habbit!! :)

Adam H. Kerman

2025-01-25 16:45:50 UTC

Permalink

Post by Mr. Man-wai Chang

Instead of saying "avoid satying signed in", why not "Always LOGOUT or
SIGN OUT"? Make it a die-hard habbit!! :)

What if the user loses the signal before the session closes nicely? I'm
assuming the session remains open with some sort of session ID which is
what allows it to persist from device to device and application to
application.

That makes it possible for a nefarious actor to take over the still open
session.

What an incredibly insecure practice this is.

Mr. Man-wai Chang

2025-02-05 15:49:03 UTC

Permalink

Post by Adam H. Kerman

Post by Mr. Man-wai Chang
Instead of saying "avoid satying signed in", why not "Always LOGOUT or
SIGN OUT"? Make it a die-hard habbit!! :)

What if the user loses the signal before the session closes nicely? I'm
assuming the session remains open with some sort of session ID which is
what allows it to persist from device to device and application to
application.
That makes it possible for a nefarious actor to take over the still open
session.
What an incredibly insecure practice this is.

"avoid staying signed in" meant you had already logged in. That's why I
suggest logging out properly. :)

Of course, it's better to NEVER EVER SIGN IN in public
networks/computers including free wifi.

But nowdays HTTPS is widely used, it is quite secured for surfing
websites with login but unrelated to money.