2022 Event | Session Video
Implementing Long Lived Sessions Without Reducing the Level of Security and Trust

Speaker: Kishore Gangwani, Architect (Application Security), CVS Health
Date: Thursday, June 23, 2022
Location: Denver, CO

Description: An application can improve user experience by creating long-lived user sessions and avoiding asking users to log in frequently. This is particularly true for applications that do not use low-friction login like FIDO-based flows. As an example, a user can log in once to a web application in a browser and access the application for days, weeks, or months without authenticating again. Access is maintained even after closing and re-opening the browser. However, long-lived sessions increase the time window for attackers to hijack session credentials (tokens, cookies, etc.), amplifying the risks and reducing application security. This session will discuss some ways in which applications that implement long-lived sessions can mitigate the increased risks and, as a result, reduce friction in user experience without compromising on security.

Identiverse: The Identity Universe
hosted by CyberRisk Alliance