EDIT: After reading all the responses, I’ve decided to allow cookies to persist after they close the browser, which I expect will make it so that 2FA doesn’t kick in as often, at least not on their most frequently used web sites. I may also look into privacy oriented browser extensions that might offer some protection, such as Privacy Badger. Thanks, all!
OP: I know two factor authentication is considered more secure than just passwords, but here’s the deal: One of my family members uses Linux Mint on their laptop (at my recommendation and yes, they are aware that it’s not a Mac), and while they’ve mostly adapted to the different workflows (coming from a macbook), one of their biggest pain points is that web sites are constantly challenging them because they don’t recognize their machine. It’s frustrating to them because they used to just allow all cookies in Safari, whereas I’ve configured Firefox on their Linux laptop not to keep any cookies after the browser is closed. I know this isn’t a Linux/Firefox issue, but I think they might not see it that way and I worry they’ll get frustrated to the point that they’ll go out and splurge on a new macbook air when they already have a perfectly functional laptop with functional OS.
Right now I’m thinking of adding their most frequently used web sites as exceptions in Firefox settings so at least those cookies would persist after closing the browser, making them easier to log into. Or maybe I’ll just allow all cookies indefinitely, although I’d rather not just throw in the towel on Big Surveillance. Is there another way to walk that line between convenience and security that I’m not thinking of? Should I just remove my tin foil hat and allow all cookies indefinitely?
Thanks in advance for your advice.
I personally think you should just allow cookies indefinitely. There are honestly so many bigger risks from phishing and other forms of social engineering that as long as your family isn't leaving their computer unlocked in a public place, I wouldn't say there's really too much of a risk in leaving cookies enabled.
I apologize that this doesn't exactly answer your question, but I'd like to suggest an alternative. I'd like to also ask, is your family using a password manager by any chance? And if so, are they making use of passkeys on supported websites. Many modern websites, including Google and Facebook, support them. And they require virtually no interaction aside from unlocking the password manager. It's still a form of two-factor authentication, but it's far more convenient than anything out there.
I also don't really think you should try to force Linux on people who aren't particularly comfortable or familiar using it.
If you're worried that they're going to go and do that, then Linux might not serve their needs. Linux might be a fully functional desktop system, but it's also one that isn't an out of the box experience either. There's certainly been a lot of improvements, But I don't think that any Linux Desktop Environment is ever going to reach the same level of intuitiveness as something like Windows or macOS. I would certainly love to see it that way. But I think it's just an issue of the people who actually use it.
I understand looking out for family and ensuring they don't spend excess amounts of money. But you also shouldn't take it upon yourself to try and dictate how your family uses the computer either. Linux wasn't built as a commercially supported desktop operating system with years of full-time researchers studying topics surrounding human computer interaction with a multi-million dollar budget. It was built to be a free as in freedom alternative to the mainstream systems that are available (I personally call it "The problem solving platform" for this reason) by a loose knit group of volunteers who love computers and know a lot about them. Most people who use a computer use them to do work, and not really for promoting a personal agenda.
I'm not saying that you shouldn't try to get your family members to use Linux, I'm just saying that you shouldn't force them. You should put their best interests first that can help them.
I'm sorry to go on such a long rant about this. I just see a lot of people who I believe to vastly overestimate the willingness of others in certain places. And the whole part of "worrying about someone spending their own money" just kind of struck a red flag to me.
Disagree. As long as OP is willing to support them it's good to make others see that Linux can be doing just fine for just web browsing and chatting. Especially given that Microsoft seems to have completely lost it with their pushing of ads and trying to push desktop users into their cloud locking them further in.
Thanks for your advice, and yes, they use a password manager (KeepassXC), but this is the first I’ve heard of web sites that support pass keys. I’ll look into that, thanks for the tip.
Passkeys are the newest hype. Question is whether they're really safe, and how simple end users will deal when problems with it arise. I'd say go for allowing cookies and use the 2FA you already have configured.
FIDO2 has been around for a minute, it just got better branding and mainstream interest. Safe vs passwords is kind of silly, workflow for problem solving is a concern though (although not all that different than 2FA issues, they even use the same token in many cases).