Here’s Why Tokens Are Like Treasure for Opportunistic Attackers

 

Authentication tokens are not tangible tokens, of course. However, if these digital IDs are not routinely expired or restricted to a single device, they may be worth millions of dollars in the hands of threat actors.

Authentication tokens (commonly called "session tokens") play a vital role in cybersecurity. They encapsulate login authorization data, allowing for app validations and safe, authenticated logins to networks, SaaS applications, cloud computing, and identity provider (IdP) systems, as well as single sign-on (SSO) enabling ubiquitous corporate system access. This means that anyone holding a token has a golden key to company systems without having to complete a multifactor authentication (MFA) challenge.

Drawbacks of employee convenience

The lifetime of a token is frequently used to strike a balance between security and employee convenience, allowing users to authenticate once and maintain persistent access to applications for a set period of time. Attackers are increasingly obtaining these tokens through adversary-in-the-middle (AitM) attacks, in which the hacker is positioned between the user and legitimate applications

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
