Q&A Is Deleting Cookies the Only Way to Prevent Cookie Theft?

always_forever

Level 1
Thread author
Jul 1, 2021
33
Hello,

I hope this post finds everyone here well and staying safe.

I'm wondering if there Is any way to prevent passwords from being stolen due to cookie theft apart from deleting all cookies after each browser session?

I know there’s a tradeoff between convenience and security and I’m willing to embrace that…but I work online a lot and having to re-register my PC multiple times every day is draining a lot of precious time.

Is the best way to just delete them or is there another way to prevent this?

There’s a lot of scams in the world these days and I’m doing my best to increase my cybersecurity knowledge and practices…so any insight would be sincerely appreciated!
 
F

ForgottenSeer 85179

With a secure browser stealing cookies mean the attacker have access to your pc. To prevent that, you should harden your setup.

Cookies aren’t your biggest problem. Also enable 2FA where possible
 
  • Like
Reactions: SumTingWong

always_forever

Level 1
Thread author
Jul 1, 2021
33
Thanks for the reply. What do you consider to be a secure browser setup? I have to use Chrome for work and use Adblock Plus.

What do you mean exactly when you say "harden your setup"? Are you referring to AV software?
 
  • Like
Reactions: SumTingWong

always_forever

Level 1
Thread author
Jul 1, 2021
33
With a secure browser stealing cookies mean the attacker have access to your pc. To prevent that, you should harden your setup.

Cookies aren’t your biggest problem. Also enable 2FA where possible
Thanks for the reply. What do you consider to be a secure browser setup? I have to use Chrome for work and use Adblock Plus.

What do you mean exactly when you say "harden your setup"? Are you referring to AV software?
 

Lenny_Fox

Level 22
Verified
Top poster
Well-known
Oct 1, 2019
1,126
@always_forever
When you are concerned about passwords stored in cookies, why don't you try out a password manager like open source bitwarden? Bitwarden Open Source Password Manager

@SecurityNightmares and @Digmor Crusher
I assume your answers were well intended but reading the reaction of the thread owner, your reactions were not very helpful. I experienced the same when I joined MT. It is not a rant against the two of you, but more of tip to seasoned members. Better provide actionable answers to new members.
 

always_forever

Level 1
Thread author
Jul 1, 2021
33
@always_forever
When you are concerned about passwords stored in cookies, why don't you try out a password manager like open source bitwarden? Bitwarden Open Source Password Manager

@SecurityNightmares and @Digmor Crusher
I assume your answers were well intended but reading the reaction of the thread owner, your reactions were not very helpful. I experienced the same when I joined MT. It is not a rant against the two of you, but more of tip to seasoned members. Better provide actionable answers to new members.
Thanks for the helpful post. I do use a password manager and hadn't considered that, when doing so, passwords aren't stored in cookies. So perhaps this isn't even a concern!
 
F

ForgottenSeer 85179

Thanks for the reply. What do you consider to be a secure browser setup? I have to use Chrome for work and use Adblock Plus.
Chrome and Edge are secure.
wouldn’t use AdblockPlus for many reasons, like attack surface.

What do you mean exactly when you say "harden your setup"? Are you referring to AV software?
No, AV software aren’t hardening. I mean OS hardening.
take a look at Hard_Configurator from AndyFul
 

always_forever

Level 1
Thread author
Jul 1, 2021
33
Chrome and Edge are secure.
wouldn’t use AdblockPlus for many reasons, like attack surface.


No, AV software aren’t hardening. I mean OS hardening.
take a look at Hard_Configurator from AndyFul
Got it. What might you use instead of AdblockPlus? uBlock origin? I think everyone needs to use ad blockers these days, right?

I'll take a look at OS hardening. Lots to learn!
 
  • Like
Reactions: ForgottenSeer 85179

Gandalf_The_Grey

Level 62
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
5,111
Got it. What might you use instead of AdblockPlus? uBlock origin? I think everyone needs to use ad blockers these days, right?

I'll take a look at OS hardening. Lots to learn!
Instead of AdblockPlus I would certainly use uBlock Origin.
The default settings are fine for most users.
But if you want to experiment and even block more stuff there are some advanced modes to try and they are described in the wiki:
And one of us here made their own version of the medium mode:
 

always_forever

Level 1
Thread author
Jul 1, 2021
33
Instead of AdblockPlus I would certainly use uBlock Origin.
The default settings are fine for most users.
But if you want to experiment and even block more stuff there are some advanced modes to try and they are described in the wiki:
And one of us here made their own version of the medium mode:
Excellence! I'll switch to uBlock Origin. I didn't know it was more secure or that AdblockPlus wasn't secure.
 
  • Like
Reactions: Gandalf_The_Grey

Andrew3000

Level 10
Verified
Malware Tester
Well-known
Feb 8, 2016
469
You can also use HIPS to block access to the browser's directories by any process other than the browser itself.
 
  • Like
Reactions: SecureKongo

oldschool

Level 67
Verified
Top poster
Well-known
Mar 29, 2018
5,693
Instead of AdblockPlus I would certainly use uBlock Origin.
The default settings are fine for most users.
But if you want to experiment and even block more stuff there are some advanced modes to try and they are described in the wiki:
And one of us here made their own version of the medium mode:
There's also this thread: Browser Add-on - uBlock Origin/Nano Adblocker - User Tips, Questions and Issues Thread
 
  • +Reputation
Reactions: Gandalf_The_Grey

Gandalf_The_Grey

Level 62
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
5,111
Excellence! I'll switch to uBlock Origin. I didn't know it was more secure or that AdblockPlus wasn't secure.
Both are secure and reputable extensions.
uBlock Origin is more efficient and blocks more on default settings.
In my opinion it is the best adblocking extension out there.
From its wiki:
An efficient blocker add-on for various browsers. Fast, potent, and lean.

uBlock Origin is NOT an "ad blocker": it is a wide-spectrum blocker -- which happens to be able to function as a mere "ad blocker". The default behavior of uBlock Origin when newly installed is to block ads, trackers and malware sites -- through EasyList, EasyPrivacy, Peter Lowe’s ad/tracking/malware servers, Online Malicious URL Blocklist, and uBlock Origin's own filter lists.
 
F

ForgottenSeer 85179

Gandalf_The_Grey

Level 62
Verified
Helper
Top poster
Content Creator
Well-known
Apr 24, 2016
5,111
I find that a bit extreme.
Of course, limiting third party apps and extensions is preferred for security and privacy, but now you are trusting a third party dns provider.
I don't think a few well-chosen extensions pose a real threat.