How secure are "Remember Me" techniques? Every system I've seen involves a cookie on the user's end which could be easily spoofed (I think). If the bad guy of this scenario gained access to the good guy's machine, he could e-mail himself the cookie data for that site. Once back at home, he could set his own cookies to those values, and then prance right through the site's security, right?
Now, I am assuming there aren't more advanced methods than what I've seen to stop this sort of thing. Is there a better way?
Question
wessleym
3 answers to this question