Security tokens such as JWTs are now commonplace in developer guides and documentation. They are a key part of securing mobile and web applications. Why is this? What benefits do they provide? How should you use them in your applications? In this talk, you'll learn what security tokens are, how to use them, and how to abuse them. >:) Along the way, you'll learn the differences between the three most popular types of security tokens: JWTs, Macaroons, and PASETO, and when to use (and not use!) them.