Does my Internet cache store private info like passwords and account numbers?
Managing user names, account numbers, and passwords is a royal pain, isn’t it? If you’re like me, you have ATM cards, home security systems, work security systems, voicemail access, computer accounts, Internet access, e-mail accounts, online banking, online insurance, online brokerage accounts, and dozens of Websites that you regularly access - all requiring unique user names and passwords. Internet Explorer and other Web browser attempt to help you manage your passwords by storing them in a cache. Simply allow the Web browser to “remember” the password and you can relax - or can you?
Because you computer can store this data, your system is automatically compromised. Imagine what would happen if your laptop were stolen. Could the thief simply start visiting financial Web pages until he finds your bank complete with your account number and password pre-filled in? Conceivably, yes. If you haven’t cleared your cache recently, all he would need to do is start entering each letter of the alphabet into the address bar.
Try it and see. Enter “a” into your address bar. What shows up? A whole screen appears listing all of the websites that you’ve recently visited beginning with the letter “a.” Did “Allstate Insurance” just pop up? Is your account number and password pre-filled in? Now try “b.” Gosh, is that Bank of America?
The above example is an extremely low-tech way of discovering your Web accounts and stored passwords. It also illustrates how quickly anyone can access your financial information without having any technical abilities or know how. More sophisticated users can go in and get even more sensitive data.
Fortunately, you can do a few things to further protect your financial data. First, most financial institutions using online banking have implemented more secure log on practices. For example, Bank of America will remember your “Saved online ID” though it blanks out most of the numbers. Once you click “Sign in,” you’re taken to a screen where you must verify a pre-identified image called a “site key” before entering your passcode. ING Direct takes it a step further by implementing a similar setup but requiring you to enter your password using a numeric keypad to represent the letters of your password. Each time you log in, the keypad has a different set of corresponding letters to numbers.
A variety of systems on your computer attempt to help make browsing easier but they do raise security concerns including cookies (which can store your passwords and account numbers), temporary Internet files, and browser histories.
Internet Explorer provides a way for you to delete this information. Steps vary depending on which version you are using. In IE 7, go into Tools>Internet Options. The General tab has an area devoted to Browsing History. Click the Delete button and you will be able to delete:
- Temporary Internet Files
- Cookies
- History
- Form Data
- Passwords
Once you’ve cleared the sensitive information, you need to have a new resolve. Can you remember all of your passwords and account numbers without relying on these built-in tools? Start by refusing to allow Windows to save your form data and password information when prompted. Regularly clear your Browsing History items.
Consider offline methods for managing your passwords. For example, Bank of America offers a “SafePass” security option where you can get one-time passwords delivered to your cell phone. As soon as you use this one-time password, it expires. You get a new password the next time you need to log in.
Celeste Stewart | April 28th, 2008
You can leave a comment, or trackback from your own site.
