New IETF Standards for the Protection of Authentication Tokens Approved
The Internet Engineering Task Force (IETF) approved this week three new standards which are expected to improve the security of authentication tokens against “replay attacks.”
Replay attacks work when hackers steal authentication tokens, which are used to keep a user logged in on a site without having to enter their login credentials again. The standards add another layer of security by creating a unique link between the user’s device and the token, so an attacker will only be able to execute a replay attack if he is using the exact same device or device configuration the token was created on.
The protocol’s authors added that they designed the token binding process to avoid adding extra round trips to the TLS handshake, which spares existing servers an unnecessary performance hit.
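The binding-and-check logic the article describes, as an added illustration that is not code from the article or from the IETF specifications: the server embeds a binding ID derived from the client's key in the token it issues, and later accepts the token only if the presenting connection proves the same key, so a token copied to another device fails. The HMAC token format, the sample keys and the server secret are constructed for the example; a real deployment takes the binding ID from the TLS layer, which this example stands in for with a plain byte string.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side signing secret (placeholder, not a real key).
SERVER_KEY = b"constructed-demo-signing-key"


def token_binding_id(client_public_key: bytes) -> str:
    """Derive the binding ID as a hash of the client's long-lived public key.
    The key is an opaque byte string here; in practice it comes from the TLS layer."""
    return hashlib.sha256(client_public_key).hexdigest()


def issue_token(user: str, binding_id: str) -> str:
    """Mint an HMAC-signed token whose claims include the binding ID of the
    connection it was issued on, so the token is tied to that client key."""
    payload = json.dumps({"sub": user, "tbid": binding_id}, sort_keys=True).encode()
    sig = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())


def verify_token(token: str, presented_binding_id: str):
    """Return the user name if the token is genuine AND bound to the connection
    presenting it; return None for malformed, forged or replayed tokens."""
    try:
        p_b64, s_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(p_b64)
        sig = base64.urlsafe_b64decode(s_b64)
    except ValueError:  # wrong field count or bad base64 (binascii.Error is a ValueError)
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None  # signature does not match: tampered or forged token
    claims = json.loads(payload)
    if not hmac.compare_digest(claims["tbid"], presented_binding_id):
        return None  # valid token, but replayed from a device with a different key
    return claims["sub"]
```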