Why am I sometimes asked to verify my password when I'm already logged in?

When you are about to do something that affects the security of your account and it has been a while since you logged in, we want to make sure you are you by confirming your password.

These actions are things such as:

  • Changing your password.

  • Turning on/off two-factor authentication.

  • Regenerating your two-factor recovery codes.

  • etc.

These actions can compromise your account, so we'd like to be on the safe side and make sure you are the one requesting the change and not a bad actor who has somehow gotten access to your account's session.

A session can be exposed in many ways, for example if someone steals your laptop or your computer is compromised in some other way, such as through malware. Because these changes require knowledge of your password, the account can only remain breached for as long as the current session is valid, which reduces the time window in which the bad actor can do any damage.

After you've confirmed your password you will not be asked to do it again for the next hour.
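
One way a service could implement this check, added here as an illustration and not this service's own code. The action names, the `Session` class, the PBKDF2 hash and treating login as the first confirmation are assumptions:

```python
import hashlib
import hmac

CONFIRM_WINDOW = 3600  # seconds: "the next hour" from the text above
# Action names are hypothetical labels for the actions listed on the page.
SENSITIVE = {"change_password", "toggle_2fa", "regenerate_recovery_codes"}


def hash_password(password, salt):
    # PBKDF2 stands in for whatever password hash a real service uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Session:
    def __init__(self, salt, pw_hash, login_time):
        self.salt = salt
        self.pw_hash = pw_hash
        # Assumption: logging in counts as the first password confirmation.
        self.confirmed_at = login_time

    def needs_confirmation(self, action, now):
        # Only security-sensitive actions are gated, and only once the
        # last confirmation is older than the window.
        return action in SENSITIVE and now - self.confirmed_at >= CONFIRM_WINDOW

    def confirm(self, password, now):
        candidate = hash_password(password, self.salt)
        ok = hmac.compare_digest(candidate, self.pw_hash)  # constant-time compare
        if ok:
            self.confirmed_at = now  # restart the one-hour window
        return ok

    def perform(self, action, now, password=None):
        if self.needs_confirmation(action, now):
            if password is None or not self.confirm(password, now):
                return "confirm_password"  # a stolen session alone stops here
        return "allowed"
```

The timestamp lives on the server-side session, so someone holding only the session cookie cannot reset the window without also knowing the password.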

