If you’ve visited a website lately then you’ve most likely seen a pop-up asking about your browser cookie preferences; whether you’d like to accept or deny. But what are cookies? Are accepting cookies safe or is it safer to deny all cookies?


What are cookies?

In the tech word cookies aren’t the delicious desert that we all know and love. Instead cookies or HTTP cookies are small text files that store bits of data like a password or username that can be used to identify your computer on a network. Cookies help make internet browsing seamless by keeping track of data to provide a more personalized experience for each user’s session.


Types of Cookies

Not all cookies are the same and though there are similarities how they’re used depends on the type of cookie. The most common type of cookies are session cookies. Session cookies are temporary and should disappear when you close your browser after a single session. Permanent cookies are used to identify you over multiple different sessions. These cookies are not deleted automatically and are actually stored on your hard drive. They’re used anytime you enable the “keep me logged in” or “remember me” feature on a website. Finally, there’s third-party cookies or marketing cookies. These are the cookies that are responsible for following you from site to site and generating personal ads based on your browsing history and geographic location.


Are cookies safe?

While cookies are not inherently dangerous, they can still be a potential cybersecurity risk. Cookies can be hijacked by an attacker to gain unauthorized access to a computer or network. There are several types of cybersecurity attacks that are based on exploiting cookies. For example, cross-site scripting and cross site request forgery are two types of attacks that aim to steal a user’s cookies in order to impersonate the user or steal sensitive information. In cross-site scripting attacks an attacker attaches malicious code onto a legitimate website. Once the user loads the legitimate website the malicious script forwards the user’s private information to the attacker. Now the attacker can use the cookies to impersonate the user on that particular website. Cross site request forgery attacks work similarly to cross-site scripting in the sense that they both take advantage of a user’s authentication on a website. Cross site request forgery targets functionality such as changing the user’s password or login credentials. Since cookies help with website performance it would be impossible to deny all cookies and have the same online experience. It’s better to be aware of the kinds of attacks associated with cookies and manage your cookies regularly to stay safe.


Cookies and digital hygiene

Staying safe from cookie-based attacks can be relatively simple. Taking simple steps like keeping your browser up to date and taking the time to periodically delete your cookies can help you avoid cybersecurity attacks. Periodically deleting your cookies should be a regular part of your digital hygiene.


Want more tips? Have them sent directly to your inbox each week! Sign up here.