Not if they don't have the passwords and 2FA devices to access company resources... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		hannasanarion on Aug 18, 2023 \| parent \| context \| favorite \| on: Short session expiration does not help security Not if they don't have the passwords and 2FA devices to access company resources from that machine, and all of the sessions are expired.

GoblinSlayer on Aug 18, 2023 [–]

If all sessions expired, then the user doesn't have access to information either - same access as the attacker. There are cached copies of emails too.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact