Never say never… but it’s pretty close to never.
There are two ways to take your question:
Can hackers hack into my computer from the internet to access accounts that I’ve signed into?
or
Can hackers hack into my online account on the internet because I haven’t signed out of the account on my computer?
Both answers are basically “no”. But because there are never any absolutes when it comes to security, the true answer for both is that it’s extremely unlikely.
Hacking from without
Movie plots aside, hackers can’t just “reach in” from the internet and hijack your signed-in accounts. Firewalls, Windows updates, and good security habits keep you safe. The real risks come from phishing, malware, and weak or reused passwords, not from staying logged in on your computer.
Can they hack into your computer?
If someone successfully hacked into your computer, then yes, they would have immediate access to any accounts you happen to be logged into at the time.
But before you panic, let’s look at what that hacker would have to do to make that happen.
They would have to breach your router. Your router acts as a powerful firewall, preventing unsolicited connections from the internet to any computer on your local network. Routers are underrated; they are a very powerful first line of defense.1
They would have to breach the Windows firewall. The Windows firewall is something we rarely think about, as it works quietly in the background. While its history has been spotty, the firewall built into Windows has come a long way and represents another significant layer of protection. While it’s technically redundant with the firewall provided by your router, it’s so unobtrusive that leaving it on is a fine thing to do.
They would have to breach Windows. Even if hackers were able to bypass both firewalls in their way, they’d still have to find and leverage some kind of unpatched vulnerability in Windows itself before they could gain access to anything. Keeping Windows up to date, as well as keeping your security software up to date, is your best protection in the unlikely event that anyone ever makes it this far.
So, no, I don’t see it as being likely at all. This is also why I don’t turn off my computer at night as protection against hacking. It’s just not that big a threat.
Help keep it going by becoming a Patron.
Can they hack into your account?
This one’s even easier.
There’s nothing about being signed in to an online account on your PC that makes hacking into that account from somewhere else on the internet any easier.
In fact, for some accounts, it could make it a little harder.
Let’s say you’re signed in to an account on your PC. Now you go to sign in to that same account on your mobile device or another computer. You’re instructed to “approve” the second sign-in on the first computer. Approving something on a machine they don’t have access to is just not something a hacker has any hope of hacking. Admittedly, most sign-in techniques will let you say “I can’t access the signed-in machine”, but the alternatives offered aren’t affected by your having been signed in in the first place.
Once again, no. Your online account isn’t at any greater risk because you stayed signed in on your PC.
Related
Internet Safety: 7 Steps to Staying Safe Online
Staying safe online doesn’t have to be overwhelming. I'll show you seven practical steps anyone can follow to protect themselves from malware, scams, hackers, and everyday digital dangers.#2374
The real risks
Hopefully, I’ve set your concerns to rest. But what about the real risks to your security?
First, if you allow malware onto your machine, that malware can do anything. Your firewall(s) don’t protect you if you explicitly download and run something malicious or open an attachment you shouldn’t have. All bets are off when this happens. Having that malware gain access to your online account(s) might be the least of your concerns.
Online accounts get hacked for a variety of reasons. Here are the most common mistakes to avoid.
- Phishing. You get an email claiming to be from a service you use, requesting that you take some action involving a link in the email. You click the link and log in, and in doing so, hand your online credentials to a hacker.
- Malware and keyloggers. As I mentioned above, once you’ve allowed it on your machine, malware can do anything, and one of those “anythings” is recording your keystrokes as you sign in to your online accounts.
- Password re-use. Your account at service A gets breached through no fault of your own, and your password there becomes known. Shortly thereafter, your account at service B gets hacked because you used the same password in both places.
- Poor password quality. You create easy-to-guess passwords or short passwords that are easy to crack.
In my opinion, these are the risks you should be paying attention to and ensuring your good habits protect you against.
Do this
For the record, I leave my primary computers on 24 hours a day, and they’re all signed in to a variety of accounts constantly. It’s just not something I worry about.
There’s no such thing as perfection when it comes to security; anything is possible. But it’s important to prioritize your efforts and focus on things that matter. Someone somehow reaching in from the internet seems scary, and it’s the stuff of movie lore. The common ways bad things happen are much less exciting — but fortunately, much more in your control.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
Podcast audio
Footnotes & References
1: And, interestingly, not by design but by accident. The technique used to share a single internet IP address among several machines has this firewall as a side effect.
” Your firewall(s) don’t protect you if you explicitly download and run something malicious or open an attachment you shouldn’t have.” This is 100% true, but some might misinterpret ‘explicitly’ to mean intentionally. In this case, ‘explicitly’ can include ‘accidentally’.
Perhaps it might have been better to say “actually”, “in the event”, “in reality”, “physically” and so on.
Hi Leo,
You have a ‘world’ of knowledge and I appreciate receiving your newsletters.
Regarding this one (1093)… Can I trust my Windows Defender notices (when I check my status icons) that when there are green arrows in all the function boxes, there are ‘no threats’ and that my computer really has no malware on it?
Yes and no. Yes, it’s LIKELY there is no malware. But there are NO absolutes, and every anti-malware tool can miss something, so if you’re looking for absolute assurance, there’s no such thing.
Starting this week, when I open one of my programs, an additional website opens. Its content is related to the intended website. Example: I open my bank website and an an additional website opens advertising some kind of financial service. Virus scan does not come up with anything. I do remember downloading a global earth attachment for Chrome. Could this ad website selection program have been bundled? If so, can I eleminate it by deleteing the Chrome addition, assuming that was the entry process. Does having this unwanted program in my computer put me at risk? What other action might be taken.
Yes, the behavior you’re seeing is likely caused by a Chrome extension or background app that’s injecting ads or redirecting traffic. To remove the suspicious extension:
First: I’d clear Chrome’s history.
Press CTRL+Alt+Del
Select “All time” for “Time range”
Tick all the boxes, “Browsing history“, “Cookies and other site data“, and “Cached images and files”
Enter chrome://extensions/ in your browser addrese bar.
Disable all suspicious extensions by turning its toggle switch off.
You can experiment by turning them all of and enabling them one by one until the problem returns and removing that extension.
If that doesn’t work
Enter chrome://settings/reset in the address bar, and click “Reset”
“Restore settings to their default values”
I would immediately delete that Chrome extension, yes.