Google Develops New Device-Bound Security to Thwart Cookie Theft
- Google is developing Device Bound Session Credentials (DBSC) to tie authentication sessions to specific devices to prevent stolen cookie data from being useful.
- DBSC works by creating a local public/private key pair on the user's device to cryptographically prove sessions are tied to that device.
- DBSC aims to reduce the success of cookie theft malware that copies session cookies for remote access.
- Google expects Chrome to initially support DBSC for roughly half of desktop users, based on the availability of hardware such as TPMs to securely store keys.
- Google hopes DBSC will become an open standard that other browsers adopt to provide enhanced account security across the web.
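
The key-pair binding summarized above can be modeled in a few lines. This is an added example, not Google's or Chrome's code and not the DBSC wire protocol: the function names, the in-memory session store and the challenge format are assumptions, and the private key is held in process memory here where the summary describes hardware such as a TPM.

```javascript
// Simplified model of a device-bound session (illustrative, not the DBSC spec).
const crypto = require('node:crypto');

// Server side: session id -> { publicKey, challenge }. Hypothetical in-memory store.
const sessions = new Map();

// Device: create the local key pair. Only the public key ever leaves the device.
function createDeviceKey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Server: at sign-in, bind the new session to the device's public key.
// The returned id plays the role of the session cookie.
function registerSession(publicKey) {
  const sessionId = crypto.randomBytes(16).toString('hex');
  sessions.set(sessionId, { publicKey, challenge: null });
  return sessionId;
}

// Server: issue a fresh random challenge for an existing session.
function issueChallenge(sessionId) {
  const s = sessions.get(sessionId);
  if (!s) return null;
  s.challenge = crypto.randomBytes(32);
  return s.challenge;
}

// Device: prove possession of the private key by signing session id + challenge.
function signChallenge(privateKey, sessionId, challenge) {
  const msg = Buffer.concat([Buffer.from(sessionId), challenge]);
  return crypto.sign('sha256', msg, privateKey);
}

// Server: accept the cookie only with a valid signature over the pending challenge.
function verifyProof(sessionId, signature) {
  const s = sessions.get(sessionId);
  if (!s || !s.challenge) return false;
  const msg = Buffer.concat([Buffer.from(sessionId), s.challenge]);
  s.challenge = null; // single use: an old signature cannot be replayed
  return crypto.verify('sha256', msg, s.publicKey, signature);
}
```

In this model a copied cookie value is rejected on its own, because the server also requires a signature that only the device holding the private key can produce.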