Authentication is one of those backend problems that looks simple until systems begin to scale.
At first, it seems straightforward. A user logs in, the server verifies their identity, and access is granted. But once you move beyond a single server and a few thousand users, authentication stops being a login feature and becomes a systems design problem.
That is exactly why the industry has changed its approach over time.
We started with stateful session-based authentication because it was simple and reliable. Then stateless authentication, especially JWT, became the preferred model for distributed systems and APIs. Now a newer token standard, PASETO, is gaining attention for a different reason: it keeps the benefits of stateless authentication while trying to remove many of JWT’s security and design pitfalls.
This shift is not just about choosing one token format over another. It reflects a larger lesson in software engineering: the tools that solve scalability problems can also introduce new security and complexity tradeoffs if they are too flexible for their own good.
In this article, we will walk through that evolution — from sessions to JWT to PASETO — and look at where each model works, where it struggles, and why more teams are reconsidering what “good authentication design” should look like today.
The Starting Point: Stateful Authentication
In the early days of web applications, authentication was mostly stateful.
When a user logged in with their email and password, the server validated those credentials and created a session. That session represented the user’s authenticated state and was stored on the server, either in memory or in a shared store such as Redis or a database.
The browser received a session identifier, usually in a cookie, and sent it back with each future request. The server would look up that identifier, find the stored session, and determine which user was making the request.
This model was intuitive because the server remained in control. It “remembered” the user between requests, and the browser only needed to carry a small session ID.
For a long time, this worked extremely well.
Why Stateful Authentication Became Hard to Scale
The challenge with stateful authentication is not correctness. It is operational overhead.
As applications grow, the server must continue storing active session data for every logged-in user. At small scale, that is manageable. At large scale, it becomes infrastructure.
If sessions are stored in local memory, a server restart can wipe them out and force users to log in again. If the application runs across multiple servers behind a load balancer, the problem gets more complicated. A user may authenticate on one server, but their next request could land on another server that has no record of their session.
There are ways to solve this, such as sticky sessions or centralized session stores, but each solution adds more moving parts. The authentication layer becomes tightly coupled to session storage, request routing, and deployment architecture.
That complexity is what pushed many teams toward stateless authentication.
Stateful vs Stateless Authentication
The difference between these two models is simple.
In a stateful system, the server stores authentication state and uses that state to recognize the user on future requests.
In a stateless system, the server stores no per-user authentication state between requests. Instead, the client carries a token that proves identity, and the server verifies that token each time.
This made stateless authentication especially appealing for APIs, mobile apps, microservices, and horizontally scaled systems. It reduced dependency on centralized session storage and allowed any server that had the right cryptographic key to validate incoming tokens.
That model fit modern backend architecture much better.
And the token standard that became synonymous with stateless authentication was JWT.
JWT: The Token That Defined Stateless Authentication
JWT, or JSON Web Token, became popular because it offered a practical answer to a very real scaling problem.
When a user logs in, the server creates a token containing a set of claims, such as user ID, role, issuer, and expiration time. It then signs that token and returns it to the client.
The client stores the token and sends it with future requests, usually in the Authorization header. The server verifies the token signature and, if valid, trusts the claims inside it.
This approach removed the need for server-side session lookups. Any server with the correct signing secret or public verification key could validate the token.
That made JWT highly attractive in distributed environments.
It scaled well, integrated easily with APIs, and quickly gained support across frameworks, libraries, and identity platforms.
For many teams, JWT felt like the clean modern replacement for traditional sessions.
And in many ways, it was.
Why JWT Became So Widely Adopted
JWT solved several real engineering problems at once.
It made horizontal scaling easier because authentication no longer depended on local session memory. It worked naturally in API-first architectures where clients could carry tokens independently. It also fit well in service-oriented systems where multiple services needed a shared, verifiable proof of identity.
On top of that, JWT benefited from timing. It arrived at the moment the industry was moving toward distributed systems, mobile clients, and cloud-native infrastructure. The ecosystem around it grew quickly, and soon JWT was everywhere.
That momentum is a big reason it remains the default token format in many production systems today.
But widespread adoption also exposed a different truth: JWT is easy to start with, yet surprisingly easy to misuse.
The Problem With JWT Is Not Popularity — It Is Flexibility
JWT’s biggest strength is also one of its biggest weaknesses.
It is flexible.
At first, that seems like an advantage. Flexible standards adapt to many use cases. But in authentication and cryptography, flexibility often creates room for mistakes.
One of the most common misunderstandings is that JWT payloads are private. In reality, standard JWTs are encoded, not encrypted. Anyone holding the token can decode its payload and read the claims inside it. That does not automatically make JWT insecure, but it does mean developers should never assume token contents are hidden.
JWT also allows multiple signing algorithms and implementation choices. That configurability has historically led to verification bugs, bad defaults, and avoidable security mistakes. A token format used for authentication should be difficult to misuse, but JWT has often relied too heavily on developers making the right cryptographic decisions.
There is also the issue of revocation. Once a JWT is issued, it typically remains valid until it expires. If a token is stolen, if a user logs out, or if access permissions change, revoking that token immediately becomes far more complicated than simply deleting a session. Teams often need short-lived tokens, refresh token systems, or revocation lists to manage the risk.
In other words, JWT solved server-side state management but introduced new complexity elsewhere.
That is the context in which PASETO began gaining attention.
PASETO: A Safer Reframing of Stateless Tokens
PASETO, short for Platform-Agnostic Security Tokens, was designed as an alternative to JWT with a more opinionated security model.
The main idea behind PASETO is straightforward: remove dangerous configuration choices and make secure defaults part of the standard itself.
Instead of offering broad cryptographic flexibility, PASETO narrows the path. It aims to reduce the chance of developers accidentally choosing weak algorithms, misconfiguring token verification, or exposing sensitive data without realizing it.
That makes PASETO less about adding new features and more about improving the safety and clarity of token-based authentication.
Its structure is also simpler to reason about. A PASETO token typically follows the format:
version.purpose.payload.footer
This explicit structure makes the token’s purpose easier to understand and its behavior easier to validate.
How PASETO Works
PASETO supports two common token modes.
The first is the local token. Local tokens are encrypted using symmetric cryptography. This means the payload is private and cannot be casually decoded by anyone holding the token.
The second is the public token. Public tokens are signed using asymmetric cryptography. One service issues and signs the token with a private key, while other services verify it using the corresponding public key.
This distinction matters.
With JWT, developers often conflate visibility and validity. A token can be validly signed while still exposing readable claims. PASETO makes the split more explicit by clearly separating encrypted tokens from signed ones.
That cleaner security model is one of the reasons many engineers find it appealing.
JWT vs PASETO: A Quick Comparison
| Area | JWT | PASETO |
|---|---|---|
| Core idea | Signed token format for stateless auth | Safer-by-default token format for stateless auth |
| Payload visibility | Usually encoded, readable by anyone with the token | Local tokens are encrypted; payload can be private |
| Cryptographic flexibility | High flexibility, more room for misuse | Opinionated design, fewer dangerous choices |
| Security defaults | Depends heavily on correct implementation | Stronger defaults built into the standard |
| Ecosystem support | Very large and mature | Smaller but growing |
| Industry adoption | Widely used across frameworks and identity systems | Emerging, especially in security-conscious teams |
| Best fit | Systems needing broad compatibility and ecosystem support | Newer systems prioritizing safer defaults and simpler security decisions |
| Main downside | Easy to misconfigure and hard to revoke cleanly | Less ecosystem support and lower familiarity |
Why Teams Are Interested in PASETO
The interest in PASETO is not really about replacing JWT everywhere.
It is about reducing avoidable risk.
Teams that choose PASETO are often attracted to the fact that it is harder to misuse. They want a token format that gives them stateless authentication without requiring every developer on the team to think like a cryptography specialist.
PASETO also offers a better privacy story when encrypted local tokens are used. This is important for systems where token payload visibility is a concern and where encoded-but-readable claims are not acceptable.
Most importantly, PASETO feels more aligned with a modern engineering principle: secure systems should be safe by design, not safe only when configured perfectly.
That philosophy is what makes it compelling.
Why JWT Is Still the Industry Default
Despite PASETO’s strengths, JWT remains the dominant standard.
The reason is simple: ecosystem gravity.
JWT is deeply integrated into identity providers, API gateways, cloud products, authentication middleware, and developer tooling. Most teams already know how it works, and most stacks already support it.
That means JWT is often not just a technical choice, but an organizational one. It is familiar, battle-tested, and compatible with the rest of the system.
PASETO may be better designed in some respects, but better design alone does not instantly replace an established standard.
This is why many teams continue using JWT in production while exploring PASETO in newer services or internal proofs of concept.
Are There Any Downsides to PASETO?
Yes, and they should be considered honestly.
The biggest limitation is ecosystem maturity. PASETO does not yet have the same level of library support, third-party integration, or platform adoption as JWT. For many organizations, that alone is enough to delay adoption.
There is also a familiarity gap. JWT is widely understood across teams, while PASETO is still relatively new in comparison. That affects documentation, onboarding, debugging, and long-term maintainability.
And like any stateless token approach, PASETO does not eliminate core authentication concerns such as key rotation, expiration policies, refresh flows, token theft, or logout semantics. It improves the token format, but it does not remove the need for thoughtful architecture.
So while PASETO is safer in important ways, it is not a shortcut around authentication design.
Which One Should You Choose?
If your system already depends on JWT-heavy infrastructure, uses third-party identity platforms built around JWT, or values ecosystem compatibility above all else, JWT may still be the right practical decision.
But if you are designing a new system, especially one where security defaults matter and your team wants to reduce cryptographic footguns, PASETO deserves serious consideration.
This is not a battle between “old” and “new.”
It is a choice between a highly adopted standard that requires more care, and a newer standard designed to make that care easier to apply correctly.
That distinction matters more than hype.
Final Thoughts
Authentication has changed because backend systems have changed.
Stateful sessions made sense when applications were simpler and ran closer to a single-server model. JWT became popular because modern systems needed a portable, stateless way to prove identity across APIs and distributed infrastructure. PASETO is gaining attention because teams have learned an important lesson from that shift: scalability alone is not enough if the security model remains easy to misuse.
That is what makes this conversation worth having.
JWT was a major step forward, but it also showed how quickly flexible standards can become risky in the hands of busy teams working at scale. PASETO is interesting not because it promises perfection, but because it tries to fix a deeper product problem in authentication design — the gap between what is technically possible and what is safely usable by default.
In the end, the best authentication system is not the one with the most features or the trendiest token format. It is the one your team can understand, operate, and secure with confidence.
And increasingly, that is why PASETO is part of the conversation.