Frequent reauth doesn't make you more secure
a year ago
- #security
- #authentication
- #MFA
- Frequent reauthentication disrupts workflow and increases MFA fatigue, making security worse.
- Security should focus on access management and real-time policy updates, not frequent logins.
- Authentication checks should verify device possession or identity, depending on the context.
- Frequent logins provide more opportunities for attackers to steal credentials.
- Modern OS screen locks effectively secure sessions without frequent login prompts.
- Website session expirations are often too short to prevent hijacking but long enough to annoy users.
- Continuous verification and device posture checks offer better security than frequent logins.
- Security should be adaptive, intelligent, and minimally intrusive to users.