DigiNews

Tech Watch by Johan Denoyer

← Back to articles

Preventing token theft

Quality: 8/10 Relevance: 9/10

Summary

The article surveys token theft vectors from stored tokens and browser cookies, detailing how malware can exfiltrate tokens and bypass MFA. It reviews various TLS and token-binding approaches (mutual TLS, channel IDs, DPoP, device-bound credentials) and discusses their deployment challenges and privacy implications, concluding that token theft remains a persistent risk, with Chrome's device-bound cookies offering a practical improvement. It also critiques the practicality and limitations of several proposed standards.

🚀 Service construit par Johan Denoyer