Linked by Eugenia Loli-Queru on Wed 23rd May 2007 00:46 UTC
Privacy, Security, Encryption

Today, while I was trying to create a SIP Presence account for VoIPBuster, Pidgin kept crashing. I had to find its settings in my personal folder in order to manually edit the accounts.xml file and remove the entry (so Pidgin could start up again normally instead of crashing on load). When I opened the accounts.xml file with a plain text editor, all the passwords of all my accounts were listed out in the open in plain text. This is not a new issue; it was discussed many times before, but it can still be a surprise for most users.
Thread beginning with comment 242581
RE[2]: not a hole
by butters on Wed 23rd May 2007 06:27 UTC in reply to "RE: not a hole"
At any given moment, you're either sitting in front of your computer, or you're not. If you're not, maybe you're logged in remotely. Regardless of what computer you're sitting in front of, when you get up and leave, log out. If someone might be looking over your shoulder, don't pick that moment to peruse your private accounts file. Problem solved. Logging out when you can't ensure the physical security of whatever computer you're using is just about the simplest security provision that exists. There are well-known programs, even amongst the relatively computer-illiterate, that require authentication after a period of inactivity.

I fully agree with the Pidgin developers. If Win9x doesn't provide the meager security features required to prevent unauthorized local access to private files, and if users cannot manage to log out, automatically or otherwise, when they leave their desks, then the entire idea of security is a moot point. If you absolutely have to use a system with a single user account shared by multiple users, then I would suggest choosing not to store your password and just type it each time.

Whether security through obscurity is better than nothing is a debatable issue. But above I described two incredibly simple ways to address the kinds of concerns you have. Is security through obscurity better than practicing the most basic user behaviors required for security? No, and may your deity of choice help us all if we raise more generations of computer users to be utterly clueless as to how to protect their data.

I think we can all agree that computer security is as much a social problem as it is a technical problem, if not more so. Particularly in the case of securing a system from local attacks, the buck stops at the user. The software developer cannot secure their software against insecure users.

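As an added example (not part of this thread and not Pidgin's own code), a script that audits a Pidgin-style accounts.xml for stored passwords, removes them so the client prompts instead (the "don't store your password" option the comment suggests), and checks whether the file is readable by other local users. The sample file and its layout are constructed assumptions modelled on the accounts.xml described above.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample modelled on Pidgin's accounts.xml layout (assumption:
# one <account> element per account, with a <password> child when stored).
SAMPLE_ACCOUNTS_XML = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
  <account>
    <protocol>prpl-jabber</protocol>
    <name>alice@example.org/Home</name>
    <password>hunter2</password>
  </account>
  <account>
    <protocol>prpl-simple</protocol>
    <name>alice@sip.example.net</name>
  </account>
</account>
"""


def stored_passwords(xml_text):
    """Return (protocol, name) for every account whose password is stored in the file."""
    root = ET.fromstring(xml_text)
    return [(a.findtext("protocol"), a.findtext("name"))
            for a in root.findall("account") if a.find("password") is not None]


def strip_passwords(xml_text):
    """Return (cleaned_xml, count) with every <password> element removed."""
    root = ET.fromstring(xml_text)
    removed = 0
    for acct in root.findall("account"):
        pw = acct.find("password")
        if pw is not None:
            acct.remove(pw)   # no stored secret left; Pidgin will prompt on connect
            removed += 1
    return ET.tostring(root, encoding="unicode"), removed


def readable_by_others(path):
    """True if the file mode grants read access to group or world (local exposure)."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


if __name__ == "__main__":
    for proto, name in stored_passwords(SAMPLE_ACCOUNTS_XML):
        print(f"stored password: {proto} {name}")
    cleaned, n = strip_passwords(SAMPLE_ACCOUNTS_XML)
    print(f"removed {n} stored password(s)")
```

Run `readable_by_others(os.path.expanduser("~/.purple/accounts.xml"))` against a real install to see whether the file's permissions alone keep it private from other local accounts.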