Cookies & Passwords (Are Dead?)

Passwords are dead, right?

So are cookies? After all, Google announced they would eliminate them from the Chrome browser (that they control)... four years ago. Then, on July 22nd, Google announced a "new path", which is a nice, corporate way of saying "reneged". Cookies remain alive and well. In fact, I have over 150 Google cookies on my system right now.

Browser cookies are small pieces of data stored on a user's device by websites they visit. These cookies are designed to remember information about the user's interaction with the site, such as login credentials, site preferences, and shopping cart contents. Cookies also enable website analytics, helping site owners understand user behavior and improve their services.

However, cookies pose very significant security risks. One major concern is tracking and privacy invasion. Cookies can be used by third parties to track users across multiple websites, creating detailed profiles of their browsing habits and preferences. At best, this information can be exploited for targeted advertising or sold to other entities without the user's consent. At worst, cookies can be intercepted by malicious actors through techniques like cross-site scripting (XSS) attacks, leading to unauthorized access to a user's personal data. Cookies are often the source of session hijacking, as well. When a user logs into a website, a session cookie is often created to maintain their authenticated state. If an attacker steals this session cookie, they can impersonate the user and gain access to their account, leading to things like changing account settings, making purchases, or accessing sensitive information.

Much like the nonsense about cookies, Google announced they would eliminate passwords from their own platform in 2013. That was 11 years ago, and in 2024, I still use passwords to access Google products every day.

Passwords are about as dead as cookies.

Long live passwords.

#passwords #cookies #google #cybersecurity