WIKICROOK

JWT

JSON Web Token, a signed token format used to prove identity or authorization.

JWT stands for JSON Web Token. It is a compact, signed token format used to carry claims about a user, a session, or an authorization decision. A server issues the token after login or another trust check, and the client presents it to prove identity or access rights without sending a password on every request.

JWTs matter because they are often used to protect APIs and admin functions. If an attacker steals a token from browser storage, logs, or a vulnerable endpoint, they may be able to impersonate a user until the token expires. Defenders should validate the signature, check issuer and audience values, keep token lifetimes short, rotate signing keys carefully, and store tokens in ways that reduce exposure. In practice, JWTs are useful for stateless authentication, but they are only as safe as the systems that issue, transport, and verify them.
