Wednesday, 4 July 2012

Security and convenience in browser cookies

I started on my new computer at work with a simple-sounding security goal: never let anything save any passwords. My web browser is obviously the main culprit, and I also have a plugin called Vanilla that cleans up cookies - even those set not to expire - after 15 minutes, unless I am still viewing that page. But my resolve has been eroded by inconvenience, coupled with the fact that I don't actually know a lot of my passwords (they are auto-generated by KeePass).

First it was Astrid, the website I use for my action lists, because when I am trying to quickly record something to get it off my mind, I need it to be quick, and I can't spend the time opening the website, clicking to log in, then waiting for it to reload. Next came and Instapaper, for my bookmarklets. Again, they're supposed to be quick, no-brainer operations, but they rely on accounts, which means I would have to log in to each one when I use them. Now I've allowed Amazon to remember me, and I'm this close to allowing Google as well, because when I want to check my email or add a book to my wish list quickly, it's just annoying to look up my password rather than allowing the browser to remember it. I am less secure, but I have gained some convenience. That is the usual trade-off.

Mokalus of Borg

PS - "As secure as possible" also means "very inconvenient".
PPS - You should aim to be secure almost up to the point of noticeable inconvenience.
