Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: Make a cookie undeletable on general clearout of browsing data  (Read 1440 times)

renluop

  • Kitizen
  • ****
  • Posts: 3271
Make a cookie undeletable on general clearout of browsing data
« on: December 24, 2019, 05:12:58 PM »

Is that possible and how can I do it?

My asking is because of my continual problems in accessing an online bank account, that fails to recognise me because a cookie token is missing.
Logged

burakkucat

  • Global Moderator
  • Senior Kitizen
  • *
  • Posts: 31164
  • Over the Rainbow Bridge
    • The ELRepo Project
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #1 on: December 24, 2019, 05:22:32 PM »

It depends upon the web-browser that you use. Name the browser and I'm sure someone will then be able to assist you.
Logged
:cat:  100% Linux and, previously, Unix. Co-founder of the ELRepo Project.

Please consider making a donation to support the running of this site.

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6340
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #2 on: December 24, 2019, 05:30:17 PM »

Dont think its possible.

Modern browsers store cookies all in one big file, not like the old days where they may have been stored as individual files.

I dont know of any browser that allows you to exempt specific cookies when using their built in mass delete function.

However there is plugins that allow cookie management and those specific plugins can make certian cookies never be deleted in their own management.

So e.g. I use vanilla cookie manager with chrome, it auto deletes cookies after a short period of time that are "not" whitelisted so basically makes all cookies short lived session cookies, but cookies I whitelist survive.  I also use editthiscookie which is a very nice extension as well.  That will show all cookies that a specific page is using and each individual one can be manipulated.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

renluop

  • Kitizen
  • ****
  • Posts: 3271
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #3 on: December 24, 2019, 06:00:32 PM »

@B'cat It's Chrome.
@Chrys I'll have a gander at what you've mentioned. It may be lazy me, but have you got links?

I was also wondering, if one could save a copy cookie somwhere else on the computer in case of losing it again.
Logged

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 1758
    • My Broadband History
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #5 on: December 25, 2019, 05:14:18 AM »

It would be a pretty shoddy implementation for a banking site to rely on cookies to identify you between sessions, are you sure its doing that?

Generally if a site complains a cookie is missing its because for some reason the browser is not saving it between page loads.
Logged
INTAKE (ECI) Zen: Home Hub 5A OpenWrt Plusnet: VMG-3925-B10B Three 4G: Hauwei B535-232 Router: pfSense (i5-7200U) WiFi: Ubiquiti nanoHD
Thinkbroadband Quality Monitors

renluop

  • Kitizen
  • ****
  • Posts: 3271
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #6 on: December 25, 2019, 09:26:40 AM »

@Alex A
Nevertheless this is what they say.
Quote
I am sorry that you've had trouble when logging into Online Banking. You will receive a message on screen advising your computer is unrecognised from time to time and this is due to the cookies being cleared from your web browser; this is how we recognise customer's devices. Normally when this message pops up you should be able to continue your log in by requesting a One Time Access Code to your mobile phone or landline. What would prevent you from completing this process would be part of your security being locked or having an incorrect mobile number on your account.

So that we can put things right, we'll need to update your mobile number and this can be done by calling us on(24/7) or alternatively we can arrange to reset your Online Banking details by post. This would involve us sending a Temporary Security Number (TSN) by post to your home address. The TSN will reset your details and allow you to log in again and update your mobile number online yourself whilst having your device recognised.


admin - edited to fix quote code
« Last Edit: December 25, 2019, 10:02:55 AM by kitz »
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 32552
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #7 on: December 25, 2019, 10:19:49 AM »

I think their message back to you may be misleading.    I've experienced similar issues with my bank and their new log in procedure.
For some obscure reason they seem to want everyone to use the mobile app and make it as difficult as possible to retain any login data.

>> you should be able to continue your log in by requesting a One Time Access Code to your mobile phone or landline

I have to do this each and every time I log in now using my PC.   This one time access code is sent to my phone.  Even if I time out, I have to request a new code. 

From a couple of months ago I cannot login on my PC without them sending a code to my phone (either mobile or landline) which is a real PITA.  It wasn't too clear at first what they were doing and I phoned up to complain even offering to give them a static IP but they came out with new EU regulations for online banking security.   
Yet they seem to think that their app is much more secure and there's no messing around with that....   its just normal type logins.   

They did in the end send me a "security token" by post...   but this token is actually a small credit card size device which generates a new code each time I want to log in I have to enter the code from the token into my PC to be able to continue to login using a web browser.  :/
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6340
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #8 on: December 25, 2019, 10:24:40 AM »

Ironically mobile phones are a security nightmare :( Was only 2 weeks ago the bbc posted a news article about a rampant android banking exploit.

I will never do banking on my phone.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

renluop

  • Kitizen
  • ****
  • Posts: 3271
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #9 on: December 25, 2019, 10:32:55 PM »

My account is by one of those companies, who feed us. To log in, after the use name one has to insert bank chosen two numbers from one's  eight digit security code. Even after receiving the TSN, I still couldn't get in with the password I'd saved. If I do get in, the lot will be changed.

Both land and mobile lines are noted as registered, but I prefer the text via mobile, as the voice is too quick and low volume.
Logged

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 1758
    • My Broadband History
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #10 on: December 26, 2019, 07:13:08 AM »

Okay that makes more sense, although I still think its silly of them to effectively have LESS security, just because you've logged in using that browser before.  If you logged in from a public computer you could easily forget to erase the cookie.

My bank doesn't work like that, currently I can still login with memorable data but they too will be making a message to your phone the mandatory method soon.  Although they still have the alternative of using their card reader device to do it instead, a much more secure method but kinda impractical when you aren't at home.

As others have said, forcing everyone to use their phone as an extra level of security seems kinda flawed when its already the primary target for compromising a users security in the first place.
Logged
INTAKE (ECI) Zen: Home Hub 5A OpenWrt Plusnet: VMG-3925-B10B Three 4G: Hauwei B535-232 Router: pfSense (i5-7200U) WiFi: Ubiquiti nanoHD
Thinkbroadband Quality Monitors

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6340
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #11 on: December 26, 2019, 10:22:50 AM »

I am ok with proper 2FA, using an authenticator app or other device.  Since my app requires a pin to access it as well.  But I think using sms for 2FA is poor. 

The standard google authenticator app is flawed though as it has no security to use it, one just needs the phone.  But its still better than using sms, as someone can setup a pin or other unlock mechanism for the phone itself.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Alex Atkin UK

  • Kitizen
  • ****
  • Posts: 1758
    • My Broadband History
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #12 on: January 09, 2020, 04:37:50 AM »

My bank has had a dedicated 2FA handset for years but its a PITA as you have to use your card.  They recently added SMS as an option and still allow memorable data, although the latter is being removed at some point.

I'm sure its going to bite me in the ass at some point as once or twice I've logged in without my phone handy.

Ironically I can login to the phone app with only my fingerprint.
Logged
INTAKE (ECI) Zen: Home Hub 5A OpenWrt Plusnet: VMG-3925-B10B Three 4G: Hauwei B535-232 Router: pfSense (i5-7200U) WiFi: Ubiquiti nanoHD
Thinkbroadband Quality Monitors

renluop

  • Kitizen
  • ****
  • Posts: 3271
Re: Make a cookie undeletable on general clearout of browsing data
« Reply #13 on: January 09, 2020, 10:25:27 AM »

At least my proper bank is relatively simple to access online:

Enter internet banking account number  (not actual).

Open card- sized gizmo.

Enter chosen number.

Get 6 digit code

Enter on machine.
Logged