I’ve been thinking about this for while. Sometimes there are situations where I have to log into one of my accounts temporarily to look at or take something and logging in is usually a pain in the ass or straight up uncomfortable.

So my idea is that this feature will allow to temporarily share/relay the cookies stored in the mobile browser that are used to remember logged in accounts (login credentials?) over a secure wireless or wired USB connection to use with the desktop browser (in a temporary container/session to not conflict with other users’ data) in order to do whatever I do and then wipe out all data upon mobile device removal.

So… what do you think?

  • Dr Jekell@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    2 months ago

    I think that this would be a security nightmare and would require a massive redesign for session cookies.

    If anything they should be trying to lock cookies and sites assorted data to the specific device used to log in.

    At the moment it is very easy for a criminal (once they have gained access) to nab your browser’s entire profile and load it up on their computer giving them access to everything logged in on that profile.

    What you are suggesting is something that would make the criminals jobs easier .

  • 🅿🅸🆇🅴🅻@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    2 months ago

    No, logins should be harder in order to be secure. Hence the addition of 2FA (which is also incompatible with your proposal).

    Now, of course, it depends on how sensible the data in that account is. I wouldn’t want this for my email account, for example, or online password manager, which are the entry gate to all my accounts. The Kagi search engine offers the possibility to login on another device via a session URL which you can copy-paste. And this is fine, if the site / app makes clear the dangers, implemented it securely, and tracks and lists the sessions and allows you to invalidate a session for all devices. And their use-case makes sense, people aren’t used to authenticating in order to search something on the internet.

  • Moonrise2473@feddit.it
    link
    fedilink
    arrow-up
    0
    ·
    2 months ago

    It would be an awesome feature for scammer and phishers. Now with a single click you can phish all the accounts at the same time instead of a single one. Much more productivity