If I leave a website open on my computer, am I susceptible to hacking?
I have 128-bit WEP security on a single machine home wireless network.
It's not at all uncommon to have browsers and websites open for lengthy periods of time, even when we walk away from our computers. I know I certainly leave several open for hours, if not days.
This may, or may not, be a security risk, depending on several factors.
Become a Patron of Ask Leo! and go ad-free!
The first thing to consider is simply this: is your computer safe? Not the websites, but the computer.
By that I mean if you walk away from your computer, is it safe or is it possible that someone could access and use or abuse your computer in some way while you're not around? In a case like that, leaving a web site up and open is often the least of your worries, unless of course it's your banking site and your roommate or someone else comes along and drains your account.
So, as I've said so often, if your computer isn't physically secure, it's not secure.
But that's not really what you were asking about, though I'll refer to it below again.
So, assuming someone isn't going to walk up to your computer while you're away...
In short, the answer is mostly no - you're not susceptible to hacking by simply leaving a website open. But you still need to take care.
Most websites don't do anything. By that I mean that the majority of sites simply display content when you first visit the page, and then quite literally don't do anything else until you browse to another page. They don't access your machine; they don't run programs; they're just static. It's kind of like leaving a book open on a table. You can read the words, but the pages won't turn themselves, nor will the book burst into flames by itself.
Now, things get slightly more complicated as the web gets more powerful. Let's use GMail as an example.
If you leave GMail's default view open, it will in fact periodically check for and display new mail. So, yes, the web page is "doing something". The pages are turning themselves, in a sense. But still, this type of activity - while more and more common - is also typically benign. Websites that automatically update their content aren't going to allow a hacker entry into your machine.
So even there, leaving a fairly powerful website open isn't really a huge risk on its own. The content may update, but ultimately that's just fine.
What about sites that display truly confidential information - like your banking site?
Even there, leaving it open for a long period of time isn't exposing you to any additional risk. The site simply displays information, and then steps aside while you read it and decide what to do next.
There is risk, however, and it's what I alluded to earlier. Anyone who can walk up to your machine while you're logged into your bank's web site can do whatever they want. Heck, even just walking by and seeing your personal information should be enough to concern you.
That's why most secure sites like your bank will automatically log you out after you've not done anything for a while. They have to assume that it's possible you've walked away from your computer, and they must log you out for your own safety.
But if you're certain that your machine is safe - both virus-free (and if it's not, then all bets are off whether you leave things open or not), and physically secure from someone walking up to the machine - then sure, leave sites open as long as you like.
I do it all the time.
If your page refreshes and you are on an unsecured website or unsecured connection, someone can come along with a packet sniffer and listen in on what you are doing…. I actually do this in my line of work, sniffing packets going through a network and measuring network health/etc and we can actually read all the data being sent back and forth if it is unencrypted.
If the page is sitting there doing nothing, u should be perfectly fine, but if its an unsecured site or connection and its refershing itself and you don’t want people to know what you are doing, you should most definitely exit the browser asap.
Example: the non https version of gmail on a hardwired network = sniffable/readable packets each time the page refreshes on its own.
OK. I have for years stressed that it is important to log of the web whenever you leave your computer. This was what I believed and had been told. Now I must send this article to my dear wife, to whom I have preached most often and tell her that I was wrong and it’s actually OK…
Sigh.
Thanks Leo! I shall soon know the flavor of crow… ;)
Let’s be clear: it’s OK, only if no one else can walk up to your computer and start using it. If someone else you don’t trust can start using your computer after you walk away, then yes, you must log off for safety’s sake.
Well, not logging out does nothing but tell the cookie saved in your browser to auto log you back in on your next visit, all your info is still saved on that machine, nevertheless.
Also, having a site open DOES NOT keep a constant connection to the site you are on. There may be a timer running to “refresh” the content systematically like google (which uses last connect time in the cookie), but even then all the info is done locally and a tcp connection is open only when you are “accessing” the site and auto closes once the transaction is completed. You can leave it open as long as you want — it will connect/disconnect on its own if its made that way, otherwise it will sit there idle as the data is already on your machine.
The only threat is if someone comes by and actually reads it on your screen or if its an unsecured site, they can sniff the information on your local network AS the site refreshes… In that case, there’s nothing you can really do.. Sites will usually auto secure stuff that are personal, but unless you see the lock on the bottom/top of your browser telling you you are a secure page, your stuff is 100% visible to anyone who knows what they are doing, but only as you receive the data and not before/after.
Logging out of open websites might help in some cases, but in others, people can check the browsing history and see where you’ve been and if you have an open password manager someone who can walk up to your machine can get in to any of your sites.
Instead of logging out and haveint to log back in to all those sites when coming bacl, press WIndows Key (
) + L to lock your computer. It’ll tale 2 or 3 seconds to log back in with all you tabs and password vault open. It saves time and is more secure.