The need for long tokens!

--

Cross-reference post from: https://blog.alightservices.com/2022/03/the-need-for-long-tokens.html

Most websites use tokens for various purposes, password resets for example: https://www.domain.com/ResetPassword?id=12345abcde. In this example, “12345abcde” is the token. Anyone watching the screen, for instance with advanced spying equipment, can read a token this short and misuse it. If instead the token is long enough, say 1024 characters, and the email presents it as an HTML link rather than showing the URL itself, then when the user clicks the link and the browser opens a new tab, the browser window would not show the entire 1024 characters and hackers/spies would not be able to see the whole token.
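As an added example (not code from the original post), here is how a backend can issue the kind of long reset token argued for above, keep only its hash on the server, and accept it once before it expires. The function names, the in-memory store and the 128-character length are my own choices; raise `TOKEN_BYTES` for longer tokens.

```python
import hashlib
import secrets
import time

TOKEN_BYTES = 96          # 96 random bytes -> 128 URL-safe characters (768 bits of entropy)
TOKEN_TTL_SECONDS = 15 * 60

# Constructed in-memory store for the example: sha256(token) -> (user_id, expiry).
# Only the digest is stored, so a leaked database does not yield usable reset links.
_pending_resets = {}


def _digest(token):
    return hashlib.sha256(token.encode("ascii")).hexdigest()


def issue_reset_token(user_id, now=None):
    """Create a long, unguessable single-use token bound to user_id."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(TOKEN_BYTES)          # CSPRNG, URL-safe alphabet
    _pending_resets[_digest(token)] = (user_id, now + TOKEN_TTL_SECONDS)
    return token


def build_reset_link(base_url, token):
    """Build the link placed behind the HTML anchor in the reset e-mail."""
    return f"{base_url}/ResetPassword?id={token}"


def redeem_reset_token(token, now=None):
    """Return the user_id for a valid token, consuming it; None if unknown or expired."""
    now = time.time() if now is None else now
    entry = _pending_resets.pop(_digest(token), None)  # pop: a token is valid exactly once
    if entry is None:
        return None
    user_id, expires_at = entry
    if now > expires_at:
        return None
    return user_id
```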

In the worst case, some websites use tokens in the URL for session management, and these websites become easy targets for session hijacking. Session hijacking is a technique in which hackers steal the session cookie value or session token value and use it in their own browsers. This is a very dangerous situation and an offense, yet some spies/hackers use these techniques online, and to hide their real identities they impersonate someone else.

--