This blog post summarizes my attempts at adding an additional layer of security to my locally stored authentication information. Also, I just want to make it clear: even if a perfect solution is found for this vulnerability, server endpoints still need to verify the request. The client can never be trusted and performing crypto on the browser is a bad idea.