Communications of the ACM

Overcoming Obstacles to Passwordless Authentication

Some credentials from recent infostealer logs include session tokens or cookies, which attackers can use to bypass ...