Reauthentication is the requirement for a user to verify identity again after an earlier login, usually before a sensitive action or after risk changes. It matters because an older session may not provide enough confidence for high-risk activity later in its lifetime.
What is Reauthentication?
Systems may require reauthentication when a user changes a password, accesses sensitive data, elevates privilege, approves a transaction, or triggers risk signals during an active session. This helps ensure the current actor is still trusted for the action at hand.
What Reauthentication Commonly Supports
Common uses include privilege elevation, payment approval, account changes, suspicious-session handling, and high-sensitivity workflow protection.
Reauthentication vs. Initial Login Only
Initial login verifies identity once at the start. Reauthentication asks for fresh proof later when context or action risk justifies it.
Frequently Asked Questions
Why is reauthentication important?
Because some actions should require fresher trust than a long-running or low-context session provides.
Is reauthentication the same as MFA?
Not exactly. Reauthentication is about doing verification again; that repeated verification may or may not involve MFA depending on policy.
