Wednesday, March 9, 2022

The need for long tokens!

Cross-posted from https://kantikalyan.medium.com/the-need-for-long-tokens-4793cde26e69

    Most websites use tokens for various things, such as password resets, for example: https://www.domain.com/ResetPassword?id=12345abcde. In this example, "12345abcde" is the token. People who misuse advanced spying equipment can easily read the token off the screen and misuse it. If instead the token is long enough, say 1024 characters, and the email provides an HTML link without showing the URL, then when the user clicks the link and the browser opens a new tab, the browser window will not show the entire 1024 characters, and hackers/spies won't be able to see the token.

    In the worst case, some websites use tokens in the URL for session management, and these websites become easy targets for session hijacking. Session hijacking is a method hackers use to steal the session cookie value or session token value and use it in their own browsers. This is a very dangerous situation and an offense, yet some spies/hackers use these techniques online. Because they are hackers, they impersonate someone else online to hide their real identities.
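
An added example (not part of the original post) of the password-reset link described above: it issues a 1024-character token and sends it as an HTML link whose visible text is a label rather than the URL. The 15-minute lifetime, single-use redemption, hash-only storage, the in-memory store and all function names are assumptions made for this example.

```python
import hashlib
import html
import secrets
import time

TOKEN_CHARS = 1024            # token length suggested in the post
TOKEN_TTL_SECONDS = 15 * 60   # assumption: tokens expire after 15 minutes
RESET_URL = "https://www.domain.com/ResetPassword"  # example URL from the post

# Assumption: in-memory stand-in for a database table,
# mapping sha256(token) -> (user, expiry timestamp).
_pending = {}


def issue_reset_token(user, now=None):
    """Return a 1024-character URL-safe token; only its hash is stored."""
    now = time.time() if now is None else now
    # 768 random bytes base64url-encode to exactly 1024 characters.
    token = secrets.token_urlsafe(TOKEN_CHARS * 3 // 4)
    digest = hashlib.sha256(token.encode()).hexdigest()
    _pending[digest] = (user, now + TOKEN_TTL_SECONDS)
    return token


def reset_email_html(token):
    """HTML email body: the token sits in href, the visible text is a label."""
    url = f"{RESET_URL}?id={token}"
    href = html.escape(url, quote=True)
    return f'<p><a href="{href}">Reset your password</a></p>'


def redeem_reset_token(token, now=None):
    """Return the user for a valid token and consume it, otherwise None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = _pending.pop(digest, None)  # pop makes the token single-use
    if entry is None:
        return None
    user, expires = entry
    return user if now <= expires else None
```
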

