NS&I log in fiasco

dales1

Daliah said:

  Which standard browser allows selective cookie processing?

Firefox.

Tools - Settings - Privacy- Manage exceptions

You can specify a website to be allowed or never allowed to use cookies.

Daliah

dales1 said:

Daliah said:

  Which standard browser allows selective cookie processing?

Firefox.

Tools - Settings - Privacy- Manage exceptions

You can specify a website to be allowed or never allowed to use cookies.

I think, from what you describe, that is different from deleting cookies

Swipe

One option is to use the cookie autodelete extension and let that manage your cookies to your preferred and trusted sites instead. That's the option I've been using for a very long time on all my PCs.

dales1

Daliah said:

dales1 said:

Daliah said:

  Which standard browser allows selective cookie processing?

Firefox.

Tools - Settings - Privacy- Manage exceptions

You can specify a website to be allowed or never allowed to use cookies.

I think, from what you describe, that is different from deleting cookies

Under the same settings area in Firefox, you can choose to delete all cookies after each session.

But really, you want to allow Firefox to retain the NS&I cookies.

masonic

Daliah said:

dales1 said:

I don't understand.

Why not just allow (permit) cookies from NSI

(which presumably avoids the grief) ?

 Which standard browser allows selective cookie processing?

Firefox and Chrome both do. You can set them to clear cookies on exit, then set exceptions for any sites where you want the cookies to be kept. I have been running in this configuration for years and gradually adding exceptions for various banking sites that try to use cookies for identification purposes, and of course those I wish to remain logged in to between sessions.

Daliah

masonic said:

Daliah said:

dales1 said:

I don't understand.

Why not just allow (permit) cookies from NSI

(which presumably avoids the grief) ?

 Which standard browser allows selective cookie processing?

Firefox and Chrome both do. You can set them to clear cookies on exit, then set exceptions for any sites where you want the cookies to be kept. I have been running in this configuration for years and gradually adding exceptions for various banking sites that try to use cookies for identification purposes, and of course those I wish to remain logged in to between sessions.

Chrome is my preferred browser. I find the Chrome cookie deletion options unintelligible, so I use the free version of CCleaner. It handles multiple browsers so I only have to set up / select my cookie preferences once. Been using it since even before Chrome became available.

kaMelo

All the discussion of cookies is great and all but it's curing the symptom rather than the problem which is the inept implementation of 2FA by NS&I.

Deleting cookies regularly is just good housekeeping and under no circumstances should doing so lock you out of an account

david72

What a mess the NS&I 2FA system is. It loads the jQuery library from a third-party site unnecessarily (googleapis - allowing untrustworthy Google to track the user), when security best practice is to self-host essential libraries, and not rely on third-parties that may become unexpectedly unavailable or be hacked (eg, such as recent examples of rogue libraries making it into the npm repo); it calls out to two further external sites/domains (at least one of which has a terse alphanum domain that 'smells suspicious' and so doesn't inspire confidence/trustworthiness), but at least these don't seem to need to be given NoScript approval to run JavaScript; and it requires privacy conscious users to permit long-term cookies to be set (but at least you can manage this with Cookie AutoDelete), not to mention that the site in general tries to load at least a couple of other spyware trackers. What a fragile shambles the 'modern' web really is…