Jul 9, 2024

Why use JWT for authentication tokens (hint: it’s not performance)

A common security shortcut is put under the microscope. Relying on custom session tokens instead of proven standards like JWT can quietly shift the advantage to attackers.

With anything related to security, it is virtually impossible to anticipate every single scenario in advance, and this gives attackers an advantage. If you do not use JWT, you are essentially betting on your solution being smarter than people hired specifically to create a secure authentication and authorization system.

The article recommends “just using a ‘normal’ opaque session token and storing it in the database”. That is certainly easier to implement and understand: just create a random string, and check that the user sends the correct string. What could go wrong? …

Pick your own backend and store encrypted backups of your files anywhere online or offline. For MacOS, Windows and Linux.
