by aheilbut on 4/27/24, 4:32 PM with 0 comments
Consider this situation: Zero-trust network (via Cloudflare) where the endpoint computer is specifically registered and managed.
Different customers and dev environments live on completely separate systems in multiple clouds; connecting to each one requires connecting over RDP through a bastion via the browser, or in some cases first connecting to a bastion host and then RDP again to the final destination, both requiring a password + either DUO confirmation or a YubiKey with PIN entry.
Logins time out after 15 minutes of inactivity. This happens quite frequently (>10 times per day), because one may switch focus between remote systems or between a remote system and the local machine (to look at email, browse the web, work in Office, have a meeting, etc.).
Assuming that policies for authentication timeouts cannot be changed (they seem to be driven by third-party 'standards'), the only solution I can imagine is to have biometric authentication that could automatically handle at least re-authentication requests without any user intervention (and before actually locking any computers).
This ought to be able to be done either through FaceID on the laptop itself, or even with a standalone device with its own camera or 3D face scanner. But the critical thing is that it should happen passively, after an initial (daily) login.
How does this not exist? Or how else can this be solved?