So the main purpose here is to show _a_ way that session-token theft can be mitigated. Clearly, this isn't NSA-proof or something you'd use to secure a BL5 containment facility, but to prevent session-jacking, it feels like it could help a lot, and would be pretty quick and easy to roll out if an IDP wanted to implement it.
Show HN: Storing Private Keys in the Browser Securely | Heykuki News