Wednesday, March 9, 2022

The need for long tokens!

The need for long tokens!

Cross-reference post from https://kantikalyan.medium.com/the-need-for-long-tokens-4793cde26e69

    Most websites use tokens for various things such as password resets for example: htttps://www.domain.com/ResetPassword?id=12345abcde. In this example, the "12345abcde" is the token. The advanced spying equipment misusers easily misuse by looking at the token. Instead if the token is long enough say 1024 characters, in the email without showing the URL if a HTML link is provided, when the user clicks a link and the browser opens a new tab, the browser window would not show the entire 1024 characters and hackers/spies wouldn't be able to see the token.

    In an extremely worst-case scenario, some websites use tokens in the URL for session management and these websites become easy targets for session hijacking. Session hijacking is a method used by hackers to steal the session cookie value or session token value and use those in their own browsers. This is a very dangerous situation and an offense, yet some spies/hackers use these techniques online. And to hide their real identities they impersonate someone else because they are hackers online.


The need for long tokens!

No comments:

Post a Comment

Q3 2024 review and plans for Q4 2024!

I am thrilled to share the exciting progress made at WebVeta in the past quarter (Q3 2024) and plans for the next quarter (Q4 2024).  My...