Android Question GoogleOAuth2 Token - How to Make it Last Longer?

My App makes the User authenticate far too often.

Click to expand...

Security has a price. The one-hour cycle means that a user authorization can be revoked within an hour after, for example, changing his or her password.

I must not be handling things correctly?

Click to expand...

You can best determine that for yourself after reading this article OAuth2 Explained for Dummies and How OAuth2 works?

MicroDrie said:

Security has a price. The one-hour cycle means that a user authorization can be revoked within an hour after, for example, changing his or her password.


You can best determine that for yourself after reading this article OAuth2 Explained for Dummies and How OAuth2 works?

Click to expand...

Thank you. It seems that none of my really high-profile Apps (Facebook, banks, etc) ask anywhere near once per hour. More like days or weeks. I guess that's not GoogleAuth though.

Personally, I find the most interesting thing about security and privacy is the challenge of making the right choice in different contexts. Suppose a hacker takes over an account. If this is discovered, the account can be completely blocked in a maximum of one hour. An assessment has been made in which the remaining risks are regarded as acceptable. The old school bank principles are or were based on, among other things, you have what and know what about me and the use of one-time passwords in a financial transaction. As long as the residual financial risks are also small here, it is acceptable to the bank. Facebook is based more on collecting and selling as much information as possible.