Passwordless authentication standards have improved identity security, but new research indicates this technology is vulnerable to token hijacks and man-in-the-middle attacks.

Researchers say it was possible to hijack old Epic Games domains and use them break into other users' accounts.

GitHub will automatically scan for access tokens in public code with its new beta. It's also launching an API for security advisories.

Names, email addresses, phone numbers and social media access tokens were exposed.