secure cookies

  • Thread starter Thread starter 4eyes
  • Start date Start date
4

4eyes

Everytime I log onto my financial institution's website, I must verify my
identy. The FAQ's say that this is because I am deleting the secure cookie
from my browser. This even occurs if i log out and log back in moments
later. I have added the bank to my trusted sites, but the problem is still
there. How can I keep these cookies from being deleted?
--
4i''''''''s
 
Do you have Security program that is "Silently" processing cookies ?
Cookies once set, should persist unless you use a scanning tool such
as Ad-Aware or others that marks some cookies as a threat.

One solution, is to override IE's (Assuming IE) automatic handling of
cookies. I generally use "Prompt" for 1st-Party cookies and a global
block of all 3rd-Party cookies. Using prompt you can over time build
up a table of those sites you want to allow to set a cookie.

IE, Tools, Internet Options, Privacy - is where you'll find the control
settings for Cookies.

"4eyes" <4eyes@discussions.microsoft.com> wrote in message
news:C174BE07-66AC-4A87-AC12-A0333A9C5D47@microsoft.com...
> Everytime I log onto my financial institution's website, I must verify my
> identy. The FAQ's say that this is because I am deleting the secure
> cookie
> from my browser. This even occurs if i log out and log back in moments
> later. I have added the bank to my trusted sites, but the problem is
> still
> there. How can I keep these cookies from being deleted?
> --
> 4i''''''''s
 
4eyes wrote:

> Everytime I log onto my financial institution's website, I must verify my
> identy. The FAQ's say that this is because I am deleting the secure cookie
> from my browser. This even occurs if i log out and log back in moments
> later. I have added the bank to my trusted sites, but the problem is still
> there. How can I keep these cookies from being deleted?

There might be several options built into the web browser that is being
used that will allow some cookies to persist. It might mean juggling the
security settings or making sure that the proper certificates exist. But
one really needs to wonder why cookies are being used in the first place
since many people do not necessarily log in from the same computer all
of the time, for instance. Is the bank log on set automatically? If so,
then don't do it and make it a practice to log on de novo each time.
The bank I use certainly does not leave cookies around or uses them
for all of the electronic banking that I do nor have I had any issues
with it since my cookies are scrubbed daily, in any event.
 
I'll give it a try.
--
4i''''''''s


"R. McCarty" wrote:

> Do you have Security program that is "Silently" processing cookies ?
> Cookies once set, should persist unless you use a scanning tool such
> as Ad-Aware or others that marks some cookies as a threat.
>
> One solution, is to override IE's (Assuming IE) automatic handling of
> cookies. I generally use "Prompt" for 1st-Party cookies and a global
> block of all 3rd-Party cookies. Using prompt you can over time build
> up a table of those sites you want to allow to set a cookie.
>
> IE, Tools, Internet Options, Privacy - is where you'll find the control
> settings for Cookies.
>
> "4eyes" <4eyes@discussions.microsoft.com> wrote in message
> news:C174BE07-66AC-4A87-AC12-A0333A9C5D47@microsoft.com...
> > Everytime I log onto my financial institution's website, I must verify my
> > identy. The FAQ's say that this is because I am deleting the secure
> > cookie
> > from my browser. This even occurs if i log out and log back in moments
> > later. I have added the bank to my trusted sites, but the problem is
> > still
> > there. How can I keep these cookies from being deleted?
> > --
> > 4i''''''''s
>
>
>
 
The logon is not automatic, but I have to go through the security questions
before I can conduct any business (pay bills, transfer money, etc).
--
4i''''''''s


"GHalleck" wrote:

>
> 4eyes wrote:
>
> > Everytime I log onto my financial institution's website, I must verify my
> > identy. The FAQ's say that this is because I am deleting the secure cookie
> > from my browser. This even occurs if i log out and log back in moments
> > later. I have added the bank to my trusted sites, but the problem is still
> > there. How can I keep these cookies from being deleted?
>
> There might be several options built into the web browser that is being
> used that will allow some cookies to persist. It might mean juggling the
> security settings or making sure that the proper certificates exist. But
> one really needs to wonder why cookies are being used in the first place
> since many people do not necessarily log in from the same computer all
> of the time, for instance. Is the bank log on set automatically? If so,
> then don't do it and make it a practice to log on de novo each time.
> The bank I use certainly does not leave cookies around or uses them
> for all of the electronic banking that I do nor have I had any issues
> with it since my cookies are scrubbed daily, in any event.
>
 
4eyes wrote:

> The logon is not automatic, but I have to go through the security questions
> before I can conduct any business (pay bills, transfer money, etc).

So long as you can log on and perform the activities you want to do,
under SECURE conditions, then don't worry about cookies. Consider the
action of going through the security questions as an additional check
on security. Yes, cookies might eliminate this but is it really worth
it?
 
On Sun, 22 Jul 2007 18:12:29 -0700, GHalleck
<ghalleck@arrakian.mining.com> wrote:

>But
>one really needs to wonder why cookies are being used in the first place
>since many people do not necessarily log in from the same computer all
>of the time, for instance. Is the bank log on set automatically? If so,
>then don't do it and make it a practice to log on de novo each time.
>The bank I use certainly does not leave cookies around or uses them
>for all of the electronic banking that I do nor have I had any issues
>with it since my cookies are scrubbed daily, in any event.

Many banks are using cookies to determine if that computer has
successfully logged into that account before. If they don't detect
that you've been there from that specific computer, they give you
additional security questions on the way in.

Whether this is more or less secure is debatable but it seems to be a
growing trend.
 
On Sun, 22 Jul 2007 22:45:43 -0700, Ghostrider <-00-@fitron.142>
wrote:

>So long as you can log on and perform the activities you want to do,
>under SECURE conditions, then don't worry about cookies. Consider the
>action of going through the security questions as an additional check
>on security. Yes, cookies might eliminate this but is it really worth
>it?

My username, my password, they check to make sure it's a machine that
has logged into that account before with the cookie; I'd consider it
an annoyance, not a feature.
 
+Bob+ wrote:

> On Sun, 22 Jul 2007 22:45:43 -0700, Ghostrider <-00-@fitron.142>
> wrote:
>
>
>>So long as you can log on and perform the activities you want to do,
>>under SECURE conditions, then don't worry about cookies. Consider the
>>action of going through the security questions as an additional check
>>on security. Yes, cookies might eliminate this but is it really worth
>>it?
>
>
> My username, my password, they check to make sure it's a machine that
> has logged into that account before with the cookie; I'd consider it
> an annoyance, not a feature.
>

Given the number of phishing attacks, having the cookie missing
indicates that additional security questions should be processed. If the
cookie exists then the assumption is made that this is the real user and
not the result of someone entering phished info.
 
Your suggestion worked. It takes a little longer not using IE's automatic
cookie handling feature, but I'll put up with it. Maybe after a while I'll
be able to go back to automatic?
--
4i''''''''s


"R. McCarty" wrote:

> Do you have Security program that is "Silently" processing cookies ?
> Cookies once set, should persist unless you use a scanning tool such
> as Ad-Aware or others that marks some cookies as a threat.
>
> One solution, is to override IE's (Assuming IE) automatic handling of
> cookies. I generally use "Prompt" for 1st-Party cookies and a global
> block of all 3rd-Party cookies. Using prompt you can over time build
> up a table of those sites you want to allow to set a cookie.
>
> IE, Tools, Internet Options, Privacy - is where you'll find the control
> settings for Cookies.
>
> "4eyes" <4eyes@discussions.microsoft.com> wrote in message
> news:C174BE07-66AC-4A87-AC12-A0333A9C5D47@microsoft.com...
> > Everytime I log onto my financial institution's website, I must verify my
> > identy. The FAQ's say that this is because I am deleting the secure
> > cookie
> > from my browser. This even occurs if i log out and log back in moments
> > later. I have added the bank to my trusted sites, but the problem is
> > still
> > there. How can I keep these cookies from being deleted?
> > --
> > 4i''''''''s
>
>
>
 
Back
Top