{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihbiebgyuxrlohx2gdwqy64w77zpizo5ajvfzhyzt6eaugps7x4uy",
    "uri": "at://did:plc:haakkg7y3xdghcdmprxeexso/app.bsky.feed.post/3mjudrunwq4c2"
  },
  "path": "/t/yubikey-vs-authenticator-for-microsoft-account/37253#post_5",
  "publishedAt": "2026-04-19T15:52:12.000Z",
  "site": "https://discuss.privacyguides.net",
  "textContent": "> For example, if I log in to Outlook in a browser, is a session token created for the browser, and when I log out it gets erased?\n\nYes\n\n> What about the Outlook Android app, you only have to log in once and you remain logged in, does this mean that the session token is permanent and someone can steal it to access the account from other devices?\n\nYes, however you would need to root your device or get some APT malware on it. Due to the strict isolation in android I would not know any way to steal a session token.",
  "title": "Yubikey vs Authenticator for Microsoft account"
}