It seems that a while ago one school of thought to cut down on malware and protect passwords was to disable cookies. I usually set my browsers to clear all cookies and caches when I am done with the browser (Firefox). Is this thinking outdated? For the two-factor sites (and perhaps everything else, too) should I allow cookies? I am guessing the factor that authenticates the machine is using cookies.
Two-factor has nothing to do with cookies. There may be sites that do not work with cookies disabled altogether, but that's a minority. I think setting the browser to accept cookies, but to delete them upon exiting is a reasonable policy. It robs you of some convenience (making you log in to various sites every time you start the browser), but provides some extra security.
So sites that identify the machines I work on, like my bank's web site, are storing the machine information in their system? If so, then why does my bank stop me from logging in every couple months because it doesn't recognize my machine, even though it is the same computer I have used for several years?