A security control that consists in forcing a new authentication during an existing session. A re-authentication may reuse the original authentication factor or request a distinct factor. The aim of re-authentication is to assure the identity of the entity after a certain amount of time, before a sensitive operation is executed or when intelligence has been collected that suggests the identity may have been compromised. It comes with a cost for the end-user and should thus be proportionate to and adequate for the circumstances. A complementary or alternative mechanism is continuous authentication. Re-authentication may be applied at the device-level (i.e. device lock) or at the system or application level. Re-authentication does not only apply to human agents. It may be applied to technical accesses as well. |