[ Go to May 1997 Table of Contents ]

The Explorer /
Fred Langa
Fred Langa

Beware of Log-On Hijackers

A friend of mine had a really bad day online a short while ago. She was having trouble with her online account and asked me about it. She wondered why the service was telling her she couldn't log on; it kept saying her account was already in use. Ouch.

Sometimes, an "account already in use" warning means someone has cracked your account name and password. They've hijacked your account and logged on as you. Back in the days before flat fees, that could have been a major financial problem, because you'd be billed for their connect time. Today, there's less of a financial risk, but it's still no picnic to think someone is masquerading as you, sending e-mail under your name, rooting through any personal information available and doing who knows what in various unsavory corners of the Net. At the least, it's an annoyance. At worst, it could lead to scandal and public humiliation. (At least one sexual harassment suit has been brought as a result of forged e-mail.)

Other times, a busy account may be the result of someone being duped by one of those all-too-common bogus "customer support" e-mails or instant messages. They usually go something like this: "Hi! Glad you're online! I'm from Customer Support, and we've just noticed a problem with your account. We had a crash last night that wiped out a portion of our records here, and we're working around the clock to fix things. Your account is working now, but your log-on information looks corrupted. If we don't reenter it, your bills could be messed up or you may get locked out of your account. Please send me your password and credit card information again now so we can ensure uninterrupted service ...."

Amazingly, people-especially newer users and young people-fall prey to such scams all the time. Then, when they do get locked out of their accounts, they may assume it's merely the system failure-until their next credit card statement shows up.

Fortunately, neither of the above pertained to my friend's case: Something simply got munged in the online service's files so that her account was being mixed up with someone else's. It didn't affect e-mail or private files, but the log-ons and billing were messed up. She got the log-ons fixed, but I don't know how long it'll be before she sorts out the billing.

I don't mean to alarm you, but when was the last time you thoroughly checked your online account's status? Most services offer an easy way to view an itemized breakdown of how long you were online and when. If you make it a habit to check this every week or so, you can detect unusual activity before it goes too far and take steps to make things right.

While you're at it, when was the last time you changed your passwords? Most security authorities suggest changing your password at least once a month, but most people keep their passwords forever. Worse, the passwords people use are often extremely easy to guess. The three most commonly used passwords are "secret," "password" and simple variations on family names and personal dates-stuff any moderately skilled cracker can figure out. Obscure ordinary words are no good either, because a password-cracking application can run through entire dictionaries, trying every listed word until it finds a match.

Ideally, a password shouldn't be a normal word or anything associated with your personal life, and should contain a mix of numbers, symbols and letters-something weird and unpredictable, such as "rutabaga*936*" or "1+nostril." Passwords like these are distinctive enough for you to remember them, yet virtually unguessable.

Keeping track of all your passwords is a problem, but WinMag has reported on some workarounds. International Systems' Password Master, for example, lets you safely store all your account information and passwords in one centralized, DES-encrypted file. The software keeps track of all your passwords and account information, so you don't have to struggle to remember a dozen passwords, and you can easily use passwords that are longer and more obscure and thus harder to crack. And with a software assistant ensuring you never forget a password, changing passwords regularly becomes more palatable. Password Master costs $29.95, and you can get more information at

In any case, don't leave your online accounts at the mercy of the billing computers and security procedures of your online service or ISP. Take charge, and you can avoid unpleasant surprises.

Now let's talk about what I hope will be some pleasant surprises online: Several months ago, I asked users of BrowserTune-WinMag's browser test and tune-up page at http://www.winmag.com/flanga/browsertune/btstart.htm -what additional tests they'd like BrowserTune to handle. I also asked visitors to the HotSpots page (http://www.winmag.com/flanga/hotspots.htm).

to tell me how I could make that better. I gathered up all the suggestions, and the new, improved pages are now in late beta, just about ready to roll. Please stop by and tell me what you think.

One of WinMag's sister publications also has some major online news: NetGuide Magazine's massive NetGuide Live Web site (http://www.netguide.com/) is undergoing a thorough revision that should also be finished right around the time you read this. All the changes are the result of careful analysis of what people-like you-really want from an online guide. The redesigned site is far easier to navigate than the previous one: A logical channel structure speeds you to just the information you're looking for. The new editorial emphasis on showcasing the best of what's on by channel means your time on NetGuide now produces more wheat and less chaff. Couple that with improved search capabilities and seamless access to the complete Lycos all-Web search, and you've got a site worth seeing.

There's more afoot, so stay tuned!

Fred Langa is vice president and editorial director of CMP's Personal Computing Group. Contact Fred via his home page at http://www.winmag.com/flanga/hotspots.htm, in the WINDOWS Magazine areas on America Online and CompuServe, or at the addresses here.

[Ed. Note: No, WinMag editor Mike Elgan didn't just age 10 years. He and I have swapped column positions. That's why it's my mug shot staring back at you. Mike's column is now called Start, and-appropriately-it appears far in the front of each issue. The columns' content, however, remains the same: Mike alerts you to major trends developing in the computer world and explains how each issue of WinMag fits into the larger picture. I'll continue to "Explore" the nitty-gritty real-world issues we Windows users confront.]

Windows Magazine, May 1997, page 35.

[ Go to May 1997 Table of Contents ]