
Cookies not good enough for web identity

How often does this happen to you: although you have accepted all cookies, clicked on “log me in automatically”, made Mozilla store the password, you’re asked for identification over and over again. Two examples where this always happens (at least to me) are eBay and Amazon.

I guess one of the reasons for this is that cookies were not meant to be used for such advanced purposes.

Major weaknesses of cookies:

  • Considered harmful; browsers or companies often block cookies
  • Unreliable
  • Expire at non-obvious times
  • Can easily be deleted accidentally
  • Can you remember each username/password combo for every cookie you allowed?
  • Not multi-user / multi-identity capable (I have a private and a business identity at eBay, for example)

So, why has nobody come up with a better identity store yet? I mean, it’s not rocket science, is it? Why not create an application type that every browser can implement and that does all these things? It could allow for different levels of security for each site requesting identity: log me in automatically, ask me, let me choose an identity, block the site. Data might be stored on the hard disk or on a token, or be relayed to a web store.

What do you think – how come there is nothing better than cookies today? It’s 2004 already!

Leave a Reply

  1. Yeah, good point. I’m sick of that too! I guess that your blog has the potential to act as a “consumer wish list” for software entrepreneurs etc. So keep up the good work.

