{"componentChunkName":"component---src-pages-markdown-remark-fields-slug-js","path":"/identity/json-web-token-stolen/","result":{"data":{"markdownRemark":{"id":"0a7dae49-42bd-5b4b-9db0-709488e6b454","excerpt":"JSON web tokens are widely used as access tokens in commercial applications for granting access to consumers for a short period of time.  These tokens include a…","html":"<p>JSON web tokens are widely used as access tokens in commercial applications for granting access to consumers for a short period of time. </p>\n<p>These tokens carry a signature for integrity and are based entirely on the JSON format; they authenticate users in order to grant access to specific services and resources within a network.</p>\n<p>Since these tokens provide secure access on behalf of an authenticated user, attackers are always looking for ways to steal them and quickly gain access by impersonating a consumer. </p>\n<p>So what can be done at the enterprise level to ensure maximum security, and what steps help in a situation where a client’s <a href=\"https://www.loginradius.com/blog/engineering/jwt/\">JSON web token</a> is stolen? </p>\n<p>Remember, a stolen JWT (JSON Web Token) can be disastrous for both the individual and the enterprise, as the chance of a data breach and exploitation is high.</p>\n<p>In this post, we will discuss the security implications of using JSON web tokens, how they work, and how to minimize the loss if a token is stolen. 
</p>\n<h2 id=\"jwt--how-is-it-used-for-authentication\" style=\"position:relative;\">JWT: How Is It Used for Authentication?</h2>\n<p>A JWT is made up of three components: the <em>Header</em>, the <em>Payload</em>, and the <em>Signature</em>. </p>\n<p>The <em>Payload</em> generally contains information about the user and about the transaction for which access is required. </p>\n<p>The <em>Header</em> contains the technical metadata of the JWT, placed in a separate JSON object and sent together with the Payload. </p>\n<p>The last part of a JWT is the <em>Signature</em>. It is a MAC (Message Authentication Code), which can only be produced by a party that possesses the Header and the Payload along with the secret key. </p>\n<p>Once the user submits their credentials to the authentication server, the server validates them and creates a JWT containing the user’s details along with an expiration timestamp.</p>\n<p>The authentication server then takes its secret key, uses it to sign the Header and the Payload, and sends the signed token back to the user’s web browser.</p>\n<p>The browser keeps the signed JWT and sends it with every HTTP request to the application server. </p>\n<p>In a nutshell, the signed JWT now acts as a temporary login credential for the user, replacing the permanent credential. 
</p>\n<p><strong>Read more</strong>: <a href=\"https://www.loginradius.com/blog/engineering/invalidating-jwt/\">Invalidating JSON Web Tokens</a></p>\n<h2 id=\"what-to-do-if-jwt-token-is-stolen\" style=\"position:relative;\">What to Do if JWT Token is Stolen?</h2>\n<p>Few things are worse than having a JWT stolen: it effectively hands an attacker a license to bypass every layer of security and reach sensitive information. </p>\n<p>Here are some crucial steps that enterprises should take when a client’s token is stolen: </p>\n<h3 id=\"1-ask-clients-to-change-their-passwords-immediately\" style=\"position:relative;\">1. 
Ask Clients to Change their Passwords Immediately</h3>\n<p>One of the most important steps is to ask your clients to change their passwords immediately whenever a JWT has been stolen. </p>\n<p>Changing the account password stops the attacker from continuing to exploit the account and helps avert a data breach. Because a JWT is verified by its signature rather than by looking up the password, the password change must go hand in hand with revoking the stolen token (the next step) so that the token itself stops working. </p>\n<h3 id=\"2-revoke-tokens\" style=\"position:relative;\">2. Revoke Tokens</h3>\n<p>If you suspect that a token is being used by an unauthorized party, revoke it. This immediately cuts the attacker off from your network and minimizes the risk. 
</p>\n<p>Once the token is revoked, ask the client to reset their password, ensure they choose a strong one, and have them enable <a href=\"https://www.loginradius.com/multi-factor-authentication/\">multi-factor authentication</a>, as offered by LoginRadius CIAM.</p>\n<h3 id=\"3---look-for-a-security-breach-within-your-network\" style=\"position:relative;\">3. Look for a Security Breach Within your Network</h3>\n<p>Since an attacker can use a compromised user account to reach your organization’s sensitive information, it is crucial to inspect your environment for any attempts to access resources or bypass security layers. </p>\n<p>If you find anything suspicious, assess the extent of the loss and act immediately to contain the situation and minimize further damage. </p>\n<h3 id=\"4-work-on-the-root-cause\" style=\"position:relative;\">4. Work on the Root Cause</h3>\n<p>Your business must identify the root cause of the token being stolen on the client’s side. It is your responsibility to determine whether the breach was due to inadequate use of security measures, poor device security, or human error. </p>\n<p>Once you know the actual cause, tighten your security and add further layers of security and authentication such as MFA (Multi-Factor Authentication) and RBA (Risk-Based Authentication), as offered by LoginRadius. 
</p>\n<h2 id=\"conclusion\" style=\"position:relative;\">Conclusion</h2>\n<p>With businesses facing new security vulnerabilities every day, a stolen JWT can be one of the worst things to happen to an enterprise delivering online services. </p>\n<p>It is crucial for businesses to ensure maximum security at the consumer level and take the necessary precautions to <a href=\"https://www.loginradius.com/blog/identity/2019/10/cybersecurity-best-practices-for-enterprises/\">avoid a security breach</a>. </p>\n<p>The steps above can help mitigate the risk and keep losses to a minimum when a security threat involving a client’s JWT is detected. 
</p>","headings":[{"value":"JWT: How Is It Used for Authentication?","depth":2},{"value":"What to Do if JWT Token is Stolen?","depth":2},{"value":"1. Ask Clients to Change their Passwords Immediately","depth":3},{"value":"2. Revoke Tokens","depth":3},{"value":"3. Look for a Security Breach Within your Network","depth":3},{"value":"4. Work on the Root Cause","depth":3},{"value":"Conclusion","depth":2}],"fields":{"slug":"/identity/json-web-token-stolen/"},"frontmatter":{"metatitle":"What Should You Do if Someone Steals Your JSON Web Token?","metadescription":"JSON web tokens, if stolen by attackers, could lead to a massive loss for a business and consumers. Read the security best practices to minimize the loss.","description":"JWT tokens provide secure access to an authenticated user, and attackers are always looking for ways to steal these tokens and quickly gain access by impersonating a consumer. 
Here we’ve brought together effective ways for enterprises to ensure maximum security and steps that can help in a situation where a client’s JSON web token is stolen.","title":"What to Do if Someone Steals Your JSON Web Token?","canonical":null,"date":"June 10, 2021","updated_date":null,"tags":["data security","authentication"],"coverImage":{"childImageSharp":{"fluid":{"aspectRatio":1.5037593984962405,"src":"/static/048bbc276b9da7bd28ae8f5b2424c5a1/701ee/json-web-token-stolen-cover.jpg","srcSet":"/static/048bbc276b9da7bd28ae8f5b2424c5a1/3dcee/json-web-token-stolen-cover.jpg 200w,\n/static/048bbc276b9da7bd28ae8f5b2424c5a1/ae6ae/json-web-token-stolen-cover.jpg 400w,\n/static/048bbc276b9da7bd28ae8f5b2424c5a1/701ee/json-web-token-stolen-cover.jpg 800w,\n/static/048bbc276b9da7bd28ae8f5b2424c5a1/0c4fc/json-web-token-stolen-cover.jpg 1024w","sizes":"(max-width: 800px) 100vw, 800px"}}},"author":{"id":"Vishal Sharma","github":null,"bio":"Vishal Sharma - a writer by day and a reader by night, is working as a Sr. Content Writer at LoginRadius. With a demonstrated history of thriving business success through sustainable marketing tactics, he ensures high-quality & valuable content is distributed across diverse channels. When not writing, you can find him watching a movie or maybe, reading a book.","avatar":null}}}},"pageContext":{"id":"0a7dae49-42bd-5b4b-9db0-709488e6b454","fields__slug":"/identity/json-web-token-stolen/","__params":{"fields__slug":"identity"}}}}