I know two factor authentication is considered more secure than just passwords, but here’s the deal: One of my family members uses Linux Mint on their laptop (at my recommendation and yes, they are aware that it’s not a Mac), and while they’ve mostly adapted to the different workflows (coming from a macbook), one of their biggest pain points is that web sites are constantly challenging them because they don’t recognize their machine. It’s frustrating to them because they used to just allow all cookies in Safari, whereas I’ve configured Firefox on their Linux laptop not to keep any cookies after the browser is closed. I know this isn’t a Linux/Firefox issue, but I think they might not see it that way and I worry they’ll get frustrated to the point that they’ll go out and splurge on a new macbook air when they already have a perfectly functional laptop with functional OS.

Right now I’m thinking of adding their most frequently used web sites as exceptions in Firefox settings so at least those cookies would persist after closing the browser, making them easier to log into. Or maybe I’ll just allow all cookies indefinitely, although I’d rather not just throw in the towel on Big Surveillance. Is there another way to walk that line between convenience and security that I’m not thinking of? Should I just remove my tin foil hat and allow all cookies indefinitely?

Thanks in advance for your advice.

EDIT: After reading all the responses, I’ve decided to allow cookies to persist after they close the browser, which I expect will make it so that 2FA doesn’t kick in as often, at least not on their most frequently used web sites. I may also look into privacy oriented browser extensions that might offer some protection, such as Privacy Badger. Thanks, all!

  • ReversalHatchery@beehaw.org
    link
    fedilink
    English
    arrow-up
    4
    ·
    7 months ago

    As others have pointed out, the issue is here is not because of mint or linux, but because of the constant loss of cookies.

    I was also experimenting with automatically deleting cookies but the only extension (forget me not) that allowed me the workflow I wanted was buggy and unmaintained.
    I have settled on the following rules:

    • cookies are not deleted automatically
    • umatrix default denies cookie access for all sites, but if somewhere it’s needed I’m ready to unblock it
    • i open most sites with the temporary containers addon and it’s ctrl+click shortcut

    This way, cookies are only deleted when I really want it, which I control by deciding on using a temp container or not.