Login

In computer security, login (logging or signing in) is the process by which individual access to a computer system is controlled by identification of the user using credentials provided by the user. A user can log in to a system to obtain access, and then log out when the access is no longer needed. Note that the term "log in" (a verb) is two words, while "login" (a noun or adjective referring to the procedure, credentials, or form used) is one word; the same applies to "log out" and "logout".

Logging in

.

The primary use of a computer login procedure is to authenticate the identity of any computer user (or computer software on this or a different computer) attempting to access the computer's services. The login procedure can also provide an audit trail of the use of the system.

To log in to a system usually requires:
* a user name, a unique sequence of characters the user chooses to represent himself or herself with. A user name can be the user's real name, but is more often a short nickname or screen name. The term User ID is also used on some systems (e.g. EBay). Many websites now use emails in place of the username, which are not publicly available, making password guessing much more difficult (the hackers need to guess the email as well) Fact|date=November 2007
* a password, another sequence of characters which provides the user with a "key" to the system and is kept secret from others.

The login prompt of operating systems is sometimes preceded by a logon banner which is a short message written by the system administrator. The logon banner usually pops up as a dialog box and it requires acknowledgement (typically the user clicking the OK button) before it will disappear. The logon banner is typically used in universities, schools and businesses to inform users about their rights when using the system [cite web|url=http://www.security.ku.edu/docs/doc-viewer.jsp?id=36|title=IT Security Office -- KU Approved Login Banner|publisher=www.security.ku.edu|accessdate=2008-04-15|last=|first=] Legal information may also be included. Employers who monitor their employees using employee monitoring software usually state in the logon banner that user activity is being monitored. Users cannot claim ignorance as the logon banner requires acknowledgment before the user can even log on to the computer.

Logging out

To "log out" (also: to "log off", "sign out", or "sign off") is to close off one's access to a computer system after previously having logged in.

Logging out may be done explicitly by the user performing some action, such as entering the appropriate command, or clicking a website link labeled as such. It can also be done implicitly, such as by powering the machine off, closing a web browser window, leaving a website, or not refreshing a webpage within a defined period.

In the case of web sites that use cookies to track sessions, when the user logs out, session-only cookies from that site will usually be deleted from the user's computer. In addition, the server invalidates any associations with the session, making any session-handle in the user's cookie store useless. This features comes in handy if the user is using a public computer. As a security precaution, one should not rely on implicit means of logging out of a system, especially not on a public computer, instead one should explicitly log out and wait for the confirmation that this request has taken place.

Logging out of a computer when leaving it is a common security practice, preventing unauthorized users from tampering with it. There are also people who choose to have a password-protected screensaver to activate after some time of inactivity, requiring the user to renter their login credentials to unlock the screensaver to gain access to the system.

References

See also

* Computer security
* Account
* Password
* Password policy
* Login spoofing
* Login session
* OpenID
* /var/log/wtmp