Google Aims to Make Stolen Cookies Useless for Attackers

Google is preparing a new feature, called Device Bound Session Credentials (DBSC), that should make it much more difficult for hackers to use stolen session cookies. One piece of advice people regularly hear is to use multi-factor authentication (MFA) to secure online accounts, which is extremely important in any context. Unfortunately, one way to bypass MFA is to steal session cookies directly from victims and use them to authenticate into online services. Despite the bad rep cookies get, the
文 » A