Toggl supports sessions now (see here). It would be interesting to explore if we could replace the "password" or "token" authentication with those in order to improve security.