Encrypting user entered fields in cookie file contents for decreasing risk of password theft in Web browsers
Original Publication Date: 2000-Mar-01
Included in the Prior Art Database: 2003-Jun-18
Disclosed are methods for encrypting user-entered fields in cookie file contents to decrease the risk of password theft in Web browsers. The methods involve encrypting a user's cookie files on the client and adding a log-on function to the Web browser that enables decryption of the cookie files for a particular user.

The solution is necessary because storing the username and password associated with a particular Web server, for later reuse, has become commonplace in Web browsers. With the proliferation of usernames and passwords for registration purposes, Web browsers have been inadvertently storing them in cookie files sent by the server to the client. Note the effect of doing this in the case of the Web site infogate.ibm.com in Example 1, given below: the username DUTTA and the password "mysecret" are visible in a plain-text file for anyone to view should they gain access to the cookie.txt file in a typical browser. This is a security hazard. Cookie files can be accessed by administrators, by other people who use the machine, and so on.

In general, users rarely store usernames and passwords in obvious locations on their disk. Furthermore, even when users do store usernames and passwords on disk, they typically encrypt the file or store some coded version of the password. Using the same password for several tasks makes exposure of a plain-text password a security hazard for the user.
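The disclosed approach as an added example (not code from the disclosure): a key derived from the browser log-on passphrase encrypts the value column of a cookies.txt file, and the same log-on is needed to read it back. The cookie names, the `enc:v1:` marker, the choice of scrypt and AES-256-GCM from the Node.js `crypto` module, encrypting every value rather than only user-entered ones, and the sample lines (constructed from the host and credentials named above) are assumptions.

```javascript
// Added example, not the disclosure's code. Cookie names, the "enc:v1:" marker,
// scrypt and AES-256-GCM are assumptions chosen for illustration.
const nodeCrypto = require('crypto');

const MARK = 'enc:v1:';

// Derive a per-user key from the browser log-on passphrase and a stored random salt.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Encrypt one cookie value. Domain and cookie name are bound as AAD so a
// ciphertext cannot be moved to another site's or another field's entry.
function sealValue(key, domain, name, value) {
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(Buffer.from(domain + '\t' + name));
  const ct = Buffer.concat([c.update(value, 'utf8'), c.final()]);
  return MARK + Buffer.concat([iv, c.getAuthTag(), ct]).toString('base64');
}

// Decrypt one stored value; throws if the key, domain or name does not match.
function openValue(key, domain, name, stored) {
  if (!stored.startsWith(MARK)) return stored; // legacy plaintext entry
  const raw = Buffer.from(stored.slice(MARK.length), 'base64');
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  d.setAAD(Buffer.from(domain + '\t' + name));
  d.setAuthTag(raw.subarray(12, 28));
  return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString('utf8');
}

// Apply fn to the value column of every cookies.txt line (7 tab-separated fields).
function mapCookieFile(text, key, fn) {
  return text.split('\n').map((line) => {
    const f = line.split('\t');
    if (line.startsWith('#') || f.length !== 7) return line;
    f[6] = fn(key, f[0], f[5], f[6]);
    return f.join('\t');
  }).join('\n');
}

// Constructed sample using the host and credentials named in the text.
const SAMPLE = [
  '# Netscape HTTP Cookie File',
  'infogate.ibm.com\tFALSE\t/\tFALSE\t978307200\tUSERNAME\tDUTTA',
  'infogate.ibm.com\tFALSE\t/\tFALSE\t978307200\tPASSWORD\tmysecret',
].join('\n');
```

Calling `mapCookieFile(SAMPLE, key, sealValue)` yields the file as it would sit on disk, and `mapCookieFile(sealed, key, openValue)` restores it only when the key comes from the right passphrase and salt.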