Overview
Xakia uses an enterprise-grade method to keep your session secure.
Here's what to enter when you log in, and how long you stay signed in.
How you log in
Enter your username, password, and, if MFA is enabled, the current MFA code from your authenticator app.
How often you'll enter an MFA code
You won't enter a code on every page or every visit. Xakia uses a rolling session:
Rolling 72-hour session: while you keep using Xakia, your session stays active and you won't need to re-authenticate for up to 72 hours.
14-day full re-authentication: at least every 14 days you'll fully log in again with your username, password, and MFA code, even if you've stayed active.
In practice, an active daily user re-enters their MFA code roughly every couple of weeks, not on every login.
Note
Using SSO / federated identity? Your identity provider may silently renew your session without asking for your credentials again, which can keep you signed in past the 14-day mark.
Behind the scenes
Xakia uses the OAuth 2.0 refresh token with authorization code grant flow to manage your session securely.
Tips for keeping your account secure
Use strong passwords. Make them unique and hard to guess.
Keep your password private. Never share it, and store it securely.
Lock your workstation. Always lock your computer when you step away to prevent unauthorized access.
Learn more in How to Protect Your Password and Security.
