a companion discussion area for blog.codinghorror.com

Don't Forget To Lock Your Computer


Of course it’s possible that someone comes in uninvited with the help of someone who has a key, but I’m sure that a stranger wandering around, looking at people’s screens would attract some attention.

Actually, it usually won’t. An interesting phenomenon has been demonstrated many times in supposedly secure buildings: Once somebody gets in, everybody assumes they belong there, and they have the run of the place. Journalists have used this to get stories in hospitals, airports, construction sites. There was even a case in the Australian military not that long ago of a civilian sitting in on a classified meeting after walking through a door that hadn’t closed fully.


Congrats. You just got me future-fired.


Why would anybody fire you for the reason of changing your co-workers desktop wallpaper? Possibly because there are regulatory requirements for them to keep track of who has access to what information or who initiated what transactions. And if some smartass is in the habit of sitting down at other people’s computers and using them for unauthorised and unknown purposes they can’t possibly meet those obligations?

Some of the guys posting to this discussion don’t seem to have thought it through. You’re playing these jokes (you say) because security is important where you work. So if there is some sort of security violation it’s presumably going to get investigated, and the first question to be asked is who used the workstation in question. Answer - you did, because you’re in the habit of sitting down unsupervised in front of an unlocked terminal whenever you see one. Admittedly you claim you weren’t responsible for emailing confidential information to an external email account (or whatever the security violation was), but so does the guy who sits at the workstation, and he plays golf with the CEO’s son-in-law, so it’s obviously you who’s lying.

Or could it perhaps be that security isn’t really that big a concern where you work, but it provides a convenient excuse for you to torment your co-workers with cretinous pranks?


At E-Trade you could be fired for leaving your desk without locking your computer. (I Didn’t work there, but my brother-in-law did). When I first heard about it, they were on NT. I thought it was strange and difficult, but obviously someone there knew what they were doing. It made me trust them a little more when they appeared to have such strict computer security in mind.


At college, if someone left their computer unlocked, we would set their home page to (and background image to, and fill their start up folder with) the web page of Ouchy the Clown, purveyor of “adult clown services”. We called it “ouchying” someone.


At my students times, people left the public (from all used) pools, and didnt logged out. In these cases we often sent a mail to the person: “Note to myself: dont forget to log out, else login could be very hard” and added as first line in their login script “logout”.
I once stand next to one of the admins, as one student entered, and complained that his account doesnt worked. Very embarassing for him as the admin asked, if he maybe forgot to logout the last time he worked on a machine. The admin fixed it, told him to check his emails and advised him, to log out when he leaves the terminal (with a hint that really evil people could do some really bad things, like delete his home directory, hack into the CIA, …).


I work in IT for a bank. They cram every aspect of security down your throat to limit the risk of ANYTHING ever leaking. Locking your workstation is not only encouraged but a JOB REQUIREMENT. Most areas are secured with 2 factor biometric fingerprint and smart card readers for enter. We are not allowed to bring in cameras, operate camera phones, all USB ports are disabled so you can’t copy off files, lots of webmail and file web sites are blocked so you can’t upload confidential data, etc. etc.

Come on, it’s 2007! Lock your PC when you step away. Do you leave your wallet containing your personal info and credit cards laying around, too?


“No. I’m at work, not in prison, and my pc is a development tool, not a production server. If someone put a silly screen saver on, i’d giggle and then take it off again. I doubt very many people here would tolerate working somewhere so strict.”

I work in the healthcare/medical research industry. So even if I don’t run as administrator, I still have access to patient records or un-masked research data. Sure we have card-key access to our part of the building, but we often have visitors. A couple of years ago, a worker at the Seattle Cancer Care Alliance was convicted of identity theft. They had access to an unlocked system and obtained protected health information (phi) on a few patients. Due to HIPPA regulations, we are required to secure not only our servers, but our workstations.


Dont just lock your computer when you leave for the day. Kindly shut it down too. Think of the amount of energy saved by just waiting 5 min


This can escalate very quickly though. Setting things via Group Policy is cruel, but amusing… :smiley:


Installing the comedy Clippy’s one thing, but I’d definitely think twice and stop short before installing either of the last two utilities linked at the bottom of the post. They’re both network utilities and if you have an administrator with a pulse, you’re going to be sending it skyward if you install what could be described as a trojan on someone else’s computer. For that matter, I probably wouldn’t install Clippy because if something goes belly-up on their box and you cop to having installed it, good times will not be had by all.
I’d stick to the tried-and-true desktop screenshot or “I have a shiney heinie” e-mails to the company. Or just go to http://wigflip.com/automotivator/ and roll your own faux-motivational poster encouraging them to learn to slap Windows+L before they walk away from their desk. Or a screensaver with a 1 minute timer and password on return.


I’ve always wondered about the window key + l thing. It isn’t ctrl-alt-del, so it can be intercepted, right? Although if someone has enough control of your computer to popup a fake lock/login screen at that point, I guess getting your password too isn’t much worse.


The Office Poltergeist site is blocked by my company’s net-nanny because it is classified as “Criminal Skills.” Not a good sign for any kind of joke using it being taken well…


If you’re really just doing it for security, lock the ‘victims’ machine and leave a sticky note with a reminder.
Anything beyond that is a prank, so be honest and call it that.


As with most analogies, yours sucks. The penalties for entering someone’s home uninvited are far worse than changing someone’s computer desktop image at work. You’re misunderstanding the context and intent of “goating”.
However, if someone did come in and prank you everytime you left your house unlocked, you’d start to think twice about locking your door, wouldn’t you?


About 7 years ago I installed the Blue Screen screensaver on my buddies machine.

He was developing this VB6 application that ineteracted with some weird API - anyway - it was complex and very hard to work with.

He came back from his lunch, saw the blue screen, and said some explatives and then turned off his computer.

I fount out later that he had been working on something for over 5 hours and did not save it. Ohhhhhhh bummer man. CTRL + S is your friend.


Do you have kids? If I picked up my kid’s toys for them every time they left them laying around and just stuck a sticky note on them, they would never learn to clean up after themselves. They would, however, learn that other people’s messes are their problem which is exactly the opposite of what I want them to learn. Teaching someone that there are consequences for their actions (or lack of action in the case of not locking their workstation) is far better than being an enabler.


I lock my computer when I am not using it. But not because of “humourous” coworkers. I work at home. My 4 year old daughter is learning to type and she likes to “practice” on any keyboard she finds.

I just don’t want my clients to get the “I am a princess” email. It might send the wrong message.

Plus, if you install one of the parallel processing screen saver apps like the @Home processes, that buys you an extra 10-15 minutes of processing time before it would kick in automatically.


I work in a company that deals with protected health information (PHI) and compliance requires machines to be locked when leaving your desk.

When it involves information that can be sensitive, it’s not just to keep people out, it’s to keep the information on your screen from being seen by guests, friends, others without proper auditing.

HIPAA has some tight requirements to protect the health information of patients, and it’s our job to make sure that information remains protected.

And, yes, we have several people in our office that will dive into an open machine and make sure everyone knows you left it unlocked.


This brings back fond memories. I previously worked at a fortune 500 company where SOPs were in place about locking your workstation when you are absent. This coworker of mine was notorious for leaving without locking, so I felt it my duty to 1) teach a lesson, and 2) have a little fun.

So, I composed an outright abusive email to the CEO, screen captured it, and saved it to the network. I then walked over to his workstation (that title in and of itself is a joke, since little work occurred there) and saved it as the background on his screen.

When he returned, he got completely frustrated when he could not minimized the mail program. Oh, those were the good old days!