DBSC (Device Bound Session Credentials)

## Introduction

Device Bound Secure Credentials (DBSC) aims to reduce account hijacking caused by cookie theft. It does so by introducing a protocol and browser infrastructure to maintain and prove possession of a cryptographic key.

This proposal offers two important features that we believe makes it easier to deploy than previous proposals. DBSC provides application-level binding and browser initiated refreshes that can make sure devices are still bound to the original device.

## Feedback

I welcome feedback in this thread, but encourage you to file bugs against [Device Bound Secure Credentials](https://github.com/kmonsen/dbsc/blob/main/README.md).

[explainer]: https://github.com/kmonsen/dbsc/blob/main/README.md "Device Bound Secure Credentials"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

DBSC (Device Bound Session Credentials) #106

Introduction

Feedback

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

DBSC (Device Bound Session Credentials) #106

Description

Introduction

Feedback

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions