236 – Establish authentication time

Summary

The authentication process must have a defined time limit of 30 seconds.

Description

A time limit helps to reduce the exposure of sensitive authentication information to potential attackers. For example, if an authentication session is open indefinitely, it increases the risk of unauthorized access through techniques like session hijacking or data interception.

Supported In

Advanced: True

References

• HITRUST-01_u. Limitation of connection time
• BSAFSS-IA_1-1. Software development environment authenticates users and operators
• CWE-287. Improper authentication
• CASA-2_10_1. Service Authentication
• RESOLSB-Art_30_4. Security in Electronic Channels - Digital Banking
• OWASPMASVS-AUTH-1. The app uses secure authentication and authorization protocols and follows the relevant best practices

Last updated

2024/01/18