Cookies for everyone!

Chicago University has recently moved to two-factor authentication. While this is not itself objectionable, it is pretty annoying to have to have access my cell phone for push notifications just to be able to use MathSciNet. Fortunately, there is (at least) an option to “remember” a login for 30 days without having to use two-factor authentication. That is, it would be fortunate if this feature actually worked. Having just converted to Firefox from the interminably slow Safari, the uchicago website prevents me from remembering my log in for 30 days because “I don’t have cookies enabled.” Except I do have cookies enabled, just not from third parties. What does the crack security team at Chicago ITS suggest? Enable all third parties cookies from everyone! Firefox does have an option from allowing (third party) cookies from an approved list of websites, but, at this time, they couldn’t work out all the different websites that wanted force a cookie upon me when logging in.

 added: The final word from Chicago ITS:

Hello,

We have looked into other reasons as to why this functionality is the way it is and it seems to be a part of DUO authentication that cannot be changed. The best suggestion we [have is] using VPN when accessing university resources if you want it to remember you for 30 days. Otherwise, 3rd party cookies will have to be enabled to have this work without using VPN. Using the University VPN does have advantages if you are working in a public network.

Regards,

ITS Service Desk

====================