EPISODE · Feb 28, 2026 · 27 MIN
#35 - How Stolen Sessions are Bypassing MFA and How to Finally Stop Them
from The Identity Navigator · host Rohit Agnihotri
Imagine this: Tuesday morning. Security dashboard green. MFA at 100%. Privileged accounts vaulted. Fortress built.

Then an attacker logs in as your CFO via a stolen browser cookie. No password guess. No brute force. Your stack? Silent.

We dive into Pass-the-Cookie attacks, the elite technique bypassing MFA via infostealer malware and AiTM phishing.

We cover:
- Bearer tokens as the “keycard anyone can use”
- Microsoft’s Token Protection with PRT + TPM for device-bound proof-of-possession
- Okta FastPass, device binding, and ASN/IP session controls
- DBSC: Browsers’ revival of Token Binding to kill cookie theft forever

Plus your playbook of what features to enable.

Technical deep dive for IAM leaders.