The kratos' session currently lasts for too long, should we ask the users to provide OTP more often?
This would mean to have 2 lifetimes for the user session, one for 1st FA (username/password) and one for 2nd FA (totp). Not sure if this makes, but I think that this is common for IdPs.
The kratos' session currently lasts for too long, should we ask the users to provide OTP more often?
This would mean to have 2 lifetimes for the user session, one for 1st FA (username/password) and one for 2nd FA (totp). Not sure if this makes, but I think that this is common for IdPs.