Do login forms need tokens against CSRF attacks?

慢半拍i 2020-11-27 10:45

From what I've learned so far, the purpose of tokens is to prevent an attacker from forging a form submission.

For example, if a website had a form that input added

4 answers
  •  天命终不由人
    2020-11-27 11:02

    Yes, so other websites can't mimic your login form! As simple as that.

    What can they achieve by doing it?

    • First: you don't wanna allow that.
    • Second: Even very simple failure cases like:
      • blocking user due to incorrect password n no. of times, can be avoided.
      • False hacking alerts can be prevented. etc etc.
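
An added example, not part of the answer above or of any framework's code: one way to give a login form a CSRF token before any authenticated session exists is to bind the token to a random pre-session cookie with an HMAC. The names `SERVER_KEY`, `TOKEN_TTL`, `new_presession_id`, `issue_login_token` and `verify_login_token` are hypothetical, and the key is generated in place so the block runs offline.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, generated here
TOKEN_TTL = 600  # assumption: seconds a rendered login form stays valid


def new_presession_id():
    """Random value set as a cookie on the anonymous visitor before login."""
    return secrets.token_urlsafe(16)


def _mac(presession_id, issued):
    msg = f"{presession_id}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_login_token(presession_id, now=None):
    """Value for the hidden field of the login form served to this visitor."""
    issued = str(int(time.time() if now is None else now))
    return f"{issued}.{_mac(presession_id, issued)}"


def verify_login_token(presession_id, token, now=None):
    """Accept the login POST only if the token was issued for this cookie."""
    now = time.time() if now is None else now
    try:
        issued, sent_mac = token.split(".", 1)
        age = now - int(issued)
        sent = sent_mac.encode()
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    if age < 0 or age > TOKEN_TTL:
        return False  # future-dated or expired form
    # Constant-time comparison of the expected and submitted MAC.
    return hmac.compare_digest(_mac(presession_id, issued).encode(), sent)


if __name__ == "__main__":
    visitor = new_presession_id()  # constructed sample cookie value
    form_token = issue_login_token(visitor)
    print("same-site form:", verify_login_token(visitor, form_token))
    print("no token:", verify_login_token(visitor, None))
    print("token from another cookie:", verify_login_token(new_presession_id(), form_token))
```

A login POST that arrives without the hidden field, or with a token issued for a different cookie, is rejected before the password is checked, so it does not count toward the lockout counter the answer mentions.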
