On 11/4/2009 12:29 PM, John D Jacoby wrote: > *Hi, > For example, my Credit Union has a security feature and asks me for > the answer when I log on. After doing this one time with Internet > Explorer it no longer asks for an answer and all I need to do is enter > the Account number and a password. With SeaMonkey, it asks every time! > Is there a setting that I need to make so that I no longer need to keep > giving a Security Answer in SeaMonkey? > Thanks for any help, > John > *
These are sometimes called "challenge questions". When you answer the question correctly, the site sets a cookie in your profile. The next time you try to login, the site fetches the cookie and bypasses the question if the cookie contains the correct information. Sometimes, the cookie will be for the domain of the outside service that created the software used by the financial institutions. Thus, you might not only have to accept cookies "normally" (permanently and not merely for the current session), but also you might have to enable all cookies and not merely those for the originating Web site. I have found that some sites restrict bypassing the challenge question by sniffing for what browser you are using. Only "approved" browsers will bypass the question. Of course (unfortunately), they sniff for "Firefox" and not for "Gecko". Thus, with SeaMonkey, you will always be asked a challenge question. (Sniffing also means that the question will be asked if you change browsers.) I stopped trying to convince two banks, two credit unions, and a mutual fund group that sniffing for "Firefox" is wrong. Instead, I setup a special profile for accessing financial institutions. In this profile, I always spoof for Firefox with the following UA string: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.4) Gecko/20091017 SeaMonkey/2.0 NOT Firefox/3.5.3 I also have set this profile to accept all cookies "normally". I never use this profile unless I intend to logon to one of my financial accounts. To get public information from any of the institutions' sites, I use my normal profile. A few sites assume everyone has broadband with a fixed IP address. This is a very bad assumption. Approximately 10% of Internet users in the U.S. still use dial-up with a new IP address each time they connect. On top of that, you might get a new IP address when you reboot your broadband modem. You might try viewing your cookies -- on the menu bar, select [Tools > Cookie Manager > Manage Stored Cookies] -- and see if you detect an IP address as the value of a cookie that has the domain of your credit union's Web site. If so, the credit union has a real problem that needs to be fixed. By the way, a number of studies have concluded that challenge questions and also security images provide no security. In place of the questions, you need to have strong passwords that you don't write down on a PostIt or save in an unencrypted file. In place of images, you need (1) to check that the padlock icon appears in the lower-right corner of your SeaMonkey browser window and (2) never access your account from a link in an E-mail or newsgroup message. -- David E. Ross <http://www.rossde.com/> Go to Mozdev at <http://www.mozdev.org/> for quick access to extensions for Firefox, Thunderbird, SeaMonkey, and other Mozilla-related applications. You can access Mozdev much more quickly than you can Mozilla Add-Ons. _______________________________________________ support-seamonkey mailing list support-seamonkey@lists.mozilla.org https://lists.mozilla.org/listinfo/support-seamonkey