For an automated log on, what are the security loopholes ?<BR><BR>Having already registered an account at website X, I don&#039t want to keep logging my personal username ad password. How does a site authenticate a users identity without openly revealing their password ?<BR><BR>lets assume that the site stores the client&#039s data (username and password) in a cookie on their machine. Should the password be encrypted with a unique key or is it safe enough as it is ?<BR><BR>what&#039s the securiest way to authenticate a user using cookies ?<BR>