Foreseeing a probability of such circumstances to happen I filed a patent on an idea I had.
The issue that almost any website has is the ability to be proxied by a Man in The Middle. Means by that is that if I (Haim/Vital) now copy exactly a website, put it on my server and forward the same user actions from my site to the original site, then once the user is logged in, since it’s done via the hacker’s machine in the middle, then the attacker can keep using the victim’s session as technically it’s simply possible.
In my patent I do not let a MiTM attack a room to happen. How? Simply. Each request and response are treated like JWT! The only difference is that both parties both sign and validate the JWT. And the additional shared secret which is required by design is shared via a 3rd communication channel, via email. So that even if user’s credentials are stolen, the shared key still won’t let the attacker to fake a request.