Does cleaning cookies force me to re-verify my bank login?

No, I agree completely. It’s absolutely the case that banks and other systems where you need to log in make heavy use of cookies to aid you in the process to further secure your machine – or to just make it possible for you to go from one page to the next without having to log in for every single page. So, yes, cleaning out the cookies, especially if you’re cleaning out all cookies, does exactly what you’ve described. It will force your bank to go through those extra steps.

Two-stage verification

Many banks that have a good level of security will actually have two stages of verification. On a computer that is unrecognized (in other words, that doesn’t have this extra cookie set by the site to indicate that it has been recognized), the login process may involve asking you for one or more of your security questions before it actually allows you to complete the login.

Once the login is complete (in other words, you’ve identified your account, you’ve answered a couple of these question and you specified your password), then you’re given the opportunity to say, “Is this a safe computer? Should I remember this computer?” If you say yes, then the service, the bank, the site, will actually drop a cookie on the machine that says, “This machine has been recognized so we don’t have to go through all of those extra hoops.” When you next login all that you typically need to provide is your account identification and your password – and you’re done until you clean the cookies. Then the site no longer recognizes that machine and makes you jump through those hoops once again.

Can you preserve those cookies?

CCleaner gives you the opportunity to identify the cookies and to specify exceptions to what it will clean.

When you run CCleaner, one of the things that you can have it do is run an analyze pass to examine what’s on your machine before actually taking any action. You can then scroll through the list of all of the cookies that it’s found on your machine (it’ll probably be a long list).

Look for the cookies that include the domain name of your bank. For example, if your bank is BankofAmerica.com, then maybe what you will find in that list are cookies associated with that domain. Those are the cookies that you want to preserve.

Third-party service

The problem is that many banks actually use a third party service. So I might go to my bank but when I go to the actual login they will have switched to the domain owned by this third party. In my case, that happens to be netteller.com, and not the domain of my bank.

Watch for that. The next time that you’re actually accessing your online banking information, take a look at the different domains that appear in the address bar. It may just be your bank; it may be several domains that are clearly owned by your bank, or it may be domains that the bank uses from a third-party as I described. All of those domains need to be exceptions listed in CCleaner so that the program doesn’t try to clean the cookies associated with those domains.

It may end up being a bit of trial and error. You may think that you’ve identified a few of the domains associated with your banking and done the exception thing – and then find that you didn’t catch all the domains. But my guess is it will be a pretty quick process to identify the internet domains that need to be listed in CCleaner as exceptions so that you can continue to login without having to jump through all these extra hoops.