I have Windows Vista. I have my IE set to "remember" my passwords when I type in my username.

Yesterday I came home and went to AOL (web version) to the sign on page. My username was already typed in but it was typed in using a capital letter for the first letter.

I never do that. In fact, usually when I open up the AOL sign-in page the username and password fields are blank. I can just click and my username shows up in a list. I click on it and my password populates.

I suspect that my 16-yr old nephew who lives with us was trying to hack into my email account and guess my password. He already knew my username. He denied it up and down. Why else would my username appear already typed in (incorrectly) when I had just signed in that morning the usual way?

Any thoughts? I don't want to accuse him falsely but God help him if he's lying to me. We already have trust issues with him.

Do you use that username with a capital first letter anywhere else? Did you do that accidently somewhere else.

I'm no expert but IE also stores imformation from forms you fill out. And it will occassionally pick up that data field from another browsing episode and put it in some place else. It will also occassionly pick up a username from another site.

Also, do you have IE to prompt whether you want it to remember a password. I imagine if he was hacking, he would have said no, and if he said yes, it would have saved the last one he tried. (allthough I suppose you might be able to get it to save with the password field blank).

It may be sneaky, but what I would do is put a keylogger on the PC. Drop the subject with your nephew for a few days, then in a passing conversation point out that you use all lower case on your username and allow him to overhear it. If he's trying to hack your password he probably won't be able to resist trying again. Just make sure you have a pretty strong password before you try this.

Does he have restricted access to the internet? He may have been trying to get your access to the internet which he assumes is not parentally restricted.

He probably is not after your email. He wants to porn surf.

I NEVER capitalize the first letter of my username. That's what made me suspect something to begin with. I do have IE set to remember passwords, so if he had done it correctly, the password would have populated the password field automatically. Gotta change that!

I am going to get a keylogger though just to see what else he's been up to, we had an issue with him four years ago looking at porn (He was 12.) His excuse? "Sponge Bob talked about this website on his show." It was www-sex-com. Yeah, right.

We just recently let him start using the computer again.

There is no restriction. All he has to do is click on the IE icon and he's there. He specifically went to www.aol.com to login.

I'm going to set up a keylogger and THEN if I bust him, he'll lose his privileges to the Internet... again.

teenager have needs, don't be so harsh on your nephew. if he can't have access in his own habitat, he will go out and search it elsewhere.

trying to cover the sun with one finger will only create resentment.

i would suggest for you to call your nephew, sit down, create and account together and explain to him the dangers of the internet, and all privacy issues, being sneaky will not bring the best out of anyone.

my honest advice.

Can you password protect the password bank, so that you have to issue a password to have it recall remembered passwords?

Personally, I'd advise two things.

1. Stop using IE, it's just a virus catcher masquerading as a browser. Get Mozilla Firefox or the Opera browser, it's much safer.

2. Create an account for the kids that has NO administrative rights. So it can't install browser plug-ins or other software. You may even be able to configure that account so he cannot delete his history.

NEVER let the kids use your account. Log off, and make them log into their account.

NEVER give the kids access to install any sort of software. This is where malware, spyware, etc often comes from. The kids see something cute, a tool bar or Zwinkies or something and they install it.

Of course I'd suggest dumping Windows and using Linux or Solaris, but that's another issue entirely.

(Posting using Firefox 3 on Solaris 11 SNV_Build97!)

Did you check your history? You know if you logged in or not. If it shows you went to AOL when you didn't then SOMEONE did.

Are you kidding me? I guess that's the same argument that parents who serve their kids make. Well gee Judge, if I don't give it to them at home, they'll just go out and find it. Thanks but no thanks.

The most important need a teenager has is moral guidance.

My nephew knows the dangers, we've already danced that dance. This isn't a single, out-of-character incident for him. The trust level is extremely low.

We even sat down and recreated every step on the computer. All the excuses or possibilities that he gave were not possible. I tried each one right in front of him. Not one resulted in my username appearing incorrectly as it did.

With that said, I did tell him yesterday that I was going to set up a lie-detector test at my office because I just could not believe him. The science (at least to me) proved otherwise. But he surprised me by agreeing to take the test. He repeatedly said "swear to God Aunt ______, I did not do this. Why would I lie about something so stupid?"

I've chosen to let it go but keep my eyes open.

Oh, and I also installed a keylogger.

I did not know you could do this. Hmmm.

But wouldn't it just be simpler to change IE to not "remember" passwords so that we have to enter it each time?

I did check my history but all it shows is that someone (me or my nephew) went to the AOL site. He admits that part. He denies trying to log into my account.

You can password protect the password bank in Mozilla Firefox. I don't use IE, so I wouldn't know what you can or cannot do in IE.

Again, the best suggestion is a seperate userid for the kids that has NO admin rights.

Enlightened Ex had spectacular advice.

Change browsers.
Make an account for you and an account for him. His does NOT allow him to install ANY software.
Always log out when you're done.

Agreed. Consider yourself lucky that they didn't order themselves a bunch of stuff on Amazon using your account information .

My kids - they've got their own PC to use. And they don't have admin-level accounts on it either.

That's a bit like putting tint on the windows after giving the kids the keys to your car, and expecting that will stop accidents from happening.

The key here is to NOT give the kids access to your account or any admin-level account, on the PC. Everything else is secondary, and very much so.

BTW - I don't buy the "Firefox is more secure" story, but that's a whole other topic of discussion .

Ditto here.

My wife and I share a PC. I usually boot Solaris to work, and she boots Windows. I use Windows for Quicken and stuff like that.

The kids share a machine and are limited to 3 hours/day and there are restricted hours as well, so they can't get up at 2AM and start surfing the web or playing games.

The DTV boxes are also restricted by both time as well as TV ratings.

We are careful what the kids can do with the computer as well as the TV.

If you understand the technology, you can limit your children's access to things you don't want them to see at their current age.

Not to chase this rabbit too far, but I think many hacks and rootkits, etc try to exploit weaknesses in IE as it's so closely tied to the O/S.

I'm sure you can get use Firefox to download things that are bad for you as well. I simply don't think it does as many "automated" installs of things like IE does.

I don't think one can send Firefox an ActiveX control that will compromise your system.

I do believe such troublesome ActiveX controls are our there that will exploit weaknesses in IE.

But I preface that with the fact that I seldom, if ever use IE, and my area of expertise is NOT in Windows, but Unix, specifically Solaris.

IE at its default "Medium-High" security level will prompt before downloading potentially unsafe content, and will not download unsigned ActiveX controls. Of course, if you fiddle with its default security settings, or select to download the unsafe content when prompted by IE, then...

I actually use both browsers quite a bit. I mostly use IE though, I think mostly out of habit. Firefox comes in handy for its privacy features from time to time.