Why tokens will be more valuable than passwords

By | May 7, 2014
With two-step authorization / authentication on the rise, simply having a password isn't sufficient to steal money, or data. But luckily for criminals, there seems to be something else, which, if it can be intercepted by a smart enough hacker, could allow them to achieve the same results – without that annoying need to posess some piece of hardware. That something else is authorization tokens.

But the dynamics of token interaction are somewhat different. They have limited validity – meaning attacks are likely going to target more diverse groups of individuals in one-off attacks, as opposed to ammassing victims for repeated attacks. That's going to be a niusance to crime-fighting organizations. Implications of a token theft are also more layered: the attack can only go as far as the token's permissions do. Assuming that there is no exploitable vulnerability in the underlying authentication and authorization technology.

It could be interesting watching for the first token-attacks.

Tokens are the new passwords
What logging in with Facebook, Google, Twitter, and co. means for your online safety

Leave a Reply

Your email address will not be published. Required fields are marked *