A threat model is you can steal the creds of any high clearance officer in the organization. If they reuse the password on the network, you now have unfettered access.

SSO is much more common these days, but that it wasn't the case back then.

▲

Dylan16807 an hour ago | parent [-]

Steal the creds by doing what, though? Most attacks could get their password even if it wasn't in the cookie.

And password managers have been plenty well known for a long time.

	▲	firefoxd 25 minutes ago \| parent [-]
		How do you get the password if it's not in the cookie? When it's in the cookies, any 3rd party script can swipe it.