Thrawn wrote:Tom T. wrote:I never go to a valuable site (banking, etc.) without first closing the browser and restarting, then doing the same after the banking is completed. Should solve the issue of CSRF from other tabs, and IMHO is Best Practice for sensitive sites. I'd never trust any browser or add-on enough to do online banking while other tabs or windows are open.
I know. But if you have a lot of tabs open, then you're looking at either a significant interruption to your workflow,
Driving to the bank creates even more significant of an interruption.
... seriously, the security/convenience trade-off is a no-brainer for me here. However, I understand that you're much more heavily involved in computer work in your Real Job. (Maybe bank in the off-hours?)
Some people have decided to have a banking-only laptop, used for nothing else (+ credit cards, other very sensitive sites,etc). Nice if you can afford it.
I love the idea of something that will purge all cookies as soon as I close the banking tab (which logging out alone would not do; I'm sure I'd still find some kind of cookies from the bank afterward, albeit maybe harmless ones).
The number of sites of all kinds that actually remove all of their cookies when you logout -- IDK the exact percent, but as a rough guess from experience, I'd say about half.
One would hope that a bank would do this, but they're notoriously poor at security, just where you need it the most.