secure cookies

[Guest]

Everytime I log onto my financial institution's website, I must verify my
identy. The FAQ's say that this is because I am deleting the secure cookie
from my browser. This even occurs if i log out and log back in moments
later. I have added the bank to my trusted sites, but the problem is still
there. How can I keep these cookies from being deleted?

 

[R. McCarty]

Do you have Security program that is "Silently" processing cookies ?
Cookies once set, should persist unless you use a scanning tool such
as Ad-Aware or others that marks some cookies as a threat.

One solution, is to override IE's (Assuming IE) automatic handling of
cookies. I generally use "Prompt" for 1st-Party cookies and a global
block of all 3rd-Party cookies. Using prompt you can over time build
up a table of those sites you want to allow to set a cookie.

IE, Tools, Internet Options, Privacy - is where you'll find the control
settings for Cookies.

 

[GHalleck]

Everytime I log onto my financial institution's website, I must verify my
identy. The FAQ's say that this is because I am deleting the secure cookie
from my browser. This even occurs if i log out and log back in moments
later. I have added the bank to my trusted sites, but the problem is still
there. How can I keep these cookies from being deleted?

There might be several options built into the web browser that is being
used that will allow some cookies to persist. It might mean juggling the
security settings or making sure that the proper certificates exist. But
one really needs to wonder why cookies are being used in the first place
since many people do not necessarily log in from the same computer all
of the time, for instance. Is the bank log on set automatically? If so,
then don't do it and make it a practice to log on de novo each time.
The bank I use certainly does not leave cookies around or uses them
for all of the electronic banking that I do nor have I had any issues
with it since my cookies are scrubbed daily, in any event.

 

[Guest]

I'll give it a try.
--
4i''''''''s

Do you have Security program that is "Silently" processing cookies ?
Cookies once set, should persist unless you use a scanning tool such
as Ad-Aware or others that marks some cookies as a threat.

One solution, is to override IE's (Assuming IE) automatic handling of
cookies. I generally use "Prompt" for 1st-Party cookies and a global
block of all 3rd-Party cookies. Using prompt you can over time build
up a table of those sites you want to allow to set a cookie.

IE, Tools, Internet Options, Privacy - is where you'll find the control
settings for Cookies.

 

[Guest]

The logon is not automatic, but I have to go through the security questions
before I can conduct any business (pay bills, transfer money, etc).

 

[Ghostrider]

The logon is not automatic, but I have to go through the security questions
before I can conduct any business (pay bills, transfer money, etc).

So long as you can log on and perform the activities you want to do,
under SECURE conditions, then don't worry about cookies. Consider the
action of going through the security questions as an additional check
on security. Yes, cookies might eliminate this but is it really worth
it?

 

[+Bob+]

But
one really needs to wonder why cookies are being used in the first place
since many people do not necessarily log in from the same computer all
of the time, for instance. Is the bank log on set automatically? If so,
then don't do it and make it a practice to log on de novo each time.
The bank I use certainly does not leave cookies around or uses them
for all of the electronic banking that I do nor have I had any issues
with it since my cookies are scrubbed daily, in any event.

Many banks are using cookies to determine if that computer has
successfully logged into that account before. If they don't detect
that you've been there from that specific computer, they give you
additional security questions on the way in.

Whether this is more or less secure is debatable but it seems to be a
growing trend.

 

[+Bob+]

So long as you can log on and perform the activities you want to do,
under SECURE conditions, then don't worry about cookies. Consider the
action of going through the security questions as an additional check
on security. Yes, cookies might eliminate this but is it really worth
it?

My username, my password, they check to make sure it's a machine that
has logged into that account before with the cookie; I'd consider it
an annoyance, not a feature.

 

[Bob I]

My username, my password, they check to make sure it's a machine that
has logged into that account before with the cookie; I'd consider it
an annoyance, not a feature.

Given the number of phishing attacks, having the cookie missing
indicates that additional security questions should be processed. If the
cookie exists then the assumption is made that this is the real user and
not the result of someone entering phished info.

 

[Guest]

Your suggestion worked. It takes a little longer not using IE's automatic
cookie handling feature, but I'll put up with it. Maybe after a while I'll
be able to go back to automatic?