Android Question GoogleOAuth2 Token - How to Make it Last Longer?

mmieher

Active Member
Licensed User
Longtime User
Can the Token last longer than an hour? I must not be handling things correctly?

My App makes the User authenticate far too often.
 

MicroDrie

Well-Known Member
Licensed User
Upvote 0

mmieher

Active Member
Licensed User
Longtime User
Security has a price. The one-hour cycle means that a user authorization can be revoked within an hour after, for example, changing his or her password.


You can best determine that for yourself after reading this article OAuth2 Explained for Dummies and How OAuth2 works?
Thank you. It seems that none of my really high-profile Apps (Facebook, banks, etc.) ask anywhere near once per hour. More like days or weeks. I guess that's not GoogleAuth though.
 
Upvote 0

MicroDrie

Well-Known Member
Licensed User
Personally, I find the most interesting thing about security and privacy is the challenge of making the right choice in different contexts. Suppose a hacker takes over an account. If this is discovered, the account can be completely blocked in a maximum of one hour. An assessment has been made in which the remaining risks are regarded as acceptable. The old-school bank principles are or were based on, among other things, you have what and know what about me and the use of one-time passwords in a financial transaction. As long as the residual financial risks are also small here, it is acceptable to the bank. Facebook is based more on collecting and selling as much information as possible.
 
Upvote 0