Google introduces device-bound session credentials to fight account hijacking | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Google introduces device-bound session credentials to fight account hijacking (neowin.net)
		3 points by bundie 77 days ago \| hide \| past \| favorite \| 3 comments

verdverm 77 days ago [–]

There has to be a better source for this. Neowin doesn't even talk about the credentials and is riddled with ads

verdverm 77 days ago | [–]

https://developer.chrome.com/blog/dbsc-origin-trial

https://w3c.github.io/webappsec-dbsc/

https://blog.chromium.org/2024/04/fighting-cookie-theft-usin...

verdverm 77 days ago | | [–]

I believe DPoP has similar goals, had to implement this as part of ATProto OAuth

Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact