Nemeski to TechnologyEnglish • 11 months agoFighting cookie theft using device bound sessionsblog.chromium.orgexternal-linkmessage-square9fedilinkarrow-up158arrow-down12cross-posted to: [email protected]
arrow-up156arrow-down1external-linkFighting cookie theft using device bound sessionsblog.chromium.orgNemeski to TechnologyEnglish • 11 months agomessage-square9fedilinkcross-posted to: [email protected]
minus-squareCaptainBasculinlinkfedilinkEnglish0•11 months agoIsn’t this what WebAuthn already does? Why introduce a new protocol when another one does the job well?
minus-square@[email protected]linkfedilinkEnglish5•11 months agoI don’t think WebAuthn protects against cookie theft. WebAuthn better protects the login process. But if the result of the login process is still a session/auth cookie, that can be stolen like any other cookie.
Isn’t this what WebAuthn already does? Why introduce a new protocol when another one does the job well?
I don’t think WebAuthn protects against cookie theft. WebAuthn better protects the login process. But if the result of the login process is still a session/auth cookie, that can be stolen like any other cookie.