Safely signing in on a computer that’s not yours

One of the big problems with the proliferation of spyware and bots is that logging into a website from a computer that has not been in your possession or control 100% of the time could result in bad things happening. Basically, your password can get stolen and your account hijacked. If it’s your email or Facebook account that this happens to, a lot of really unfortunate things can happen to your data, and your friends can get spammed.

This is why I never use anyone else’s computers but my own, and I insist on taking my iPhone and laptop with me when I travel and using either Wi-Fi or international data to get my email, log into Facebook, etc. However, there are cases where you need to get to your email account from a computer that’s not yours (for example, a hotel computer to print out a boarding pass or retrieve important documents from your email). For this reason, the folks that work on Windows Live ID built a single-use code login feature.

The way this feature works is that when you type in www.live.com or www.hotmail.com there is an option to Sign in with a Single-use code.


Selecting that option will send an SMS message to a mobile phone number with a numeric code that you can then use to log in.


This feature requires that you previously registered this code with Windows Live, which you can do at http://sms.live.com

Here is what the SMS message looks like.

[Image: the SMS message]
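
To make the flow above concrete, here is an added example (not Windows Live ID's code, and not from the original post) of how a server can issue and redeem such a code so that a copy captured on the untrusted computer cannot be replayed. The class and method names, the 8-digit length, the 5-minute lifetime and the 3-guess limit are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 300   # assumed lifetime; the post does not state one
MAX_ATTEMPTS = 3         # assumed number of wrong guesses tolerated per code


class SingleUseCodeStore:
    """In-memory model of issuing and redeeming SMS sign-in codes."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._phones = {}    # account -> registered mobile number
        self._pending = {}   # account -> [code_hash, expires_at, attempts_left]

    def register_phone(self, account, phone):
        # Done in advance, from a machine you trust.
        self._phones[account] = phone

    def issue(self, account):
        """Create a fresh code; return (phone, code) for the SMS gateway."""
        phone = self._phones.get(account)
        if phone is None:
            return None                      # no registered phone, no code
        code = f"{secrets.randbelow(10**8):08d}"   # CSPRNG, 8 digits (assumed)
        digest = hashlib.sha256(code.encode()).digest()
        # Issuing again overwrites any earlier pending code for the account.
        self._pending[account] = [digest, self._clock() + CODE_TTL_SECONDS,
                                  MAX_ATTEMPTS]
        return phone, code

    def redeem(self, account, submitted):
        """Return True at most once per issued code."""
        entry = self._pending.get(account)
        if entry is None:
            return False                     # never issued, or already used
        digest, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[account]       # stale or guessed too often
            return False
        candidate = hashlib.sha256(submitted.encode()).digest()
        if hmac.compare_digest(candidate, digest):
            del self._pending[account]       # consumed: a keylogged copy is useless
            return True
        entry[2] -= 1                        # wrong guess burns one attempt
        return False
```

The code protects the sign-in step only: the session that follows still runs on the untrusted machine.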

I hope more services add these really useful safety features.


7 thoughts on “Safely signing in on a computer that’s not yours”

  1. There’s one other thing that Windows Live (and GMail) does that not all other sites do (like Twitter and Facebook): login over SSL. If you’re using a shared WiFi network and logging in to a site like Twitter, all someone has to do is run Wireshark and sniff the traffic on non-encrypted logins. They now have your password when you log in.

    And if you’re already logged in (say you brought your laptop), then they can still sniff your cookies and use that to hijack your session.

  2. This happens even over a WPA network if the person running Wireshark has the key. Again, consider staying at a hotel that offers WiFi. They provide a WPA key to everyone. Imagine that someone malicious is staying at the hotel–they can sniff all the traffic that shares the same access point. I admit that it’s a less attractive target than an open network at a coffee shop, but it’s still a vector, and particularly so if you consider people attending a conference and all staying at the main hotel.

  3. Wire sniffing happens WAAAY less often than infected machines. There are millions of infected machines out there. (And of course they could always start doing more wire sniffing)

    Kudos to Windows Live!
