Hacker News new | ask | show | jobs
by DougBTX 6461 days ago
In theory by using a cookie which can be verified by any server, but which can only be generated with the user's password (which is never stored in clear text).

There is an article here, http://www.lightbluetouchpaper.org/2008/05/16/hardened-state... but the PDF link seems dead.