An organization issues short-lived digital credentials that remain valid long after replacement. Security leaders want a strategy that prevents previous credentials from continuing to be accepted, even if they are compromised. Which option provides the best solution?
Adopt a limited renewal period and a system to withdraw compromised credentials
Establish a single universal account so every user shares the same credential
Persist old data in an external database to verify it at a later time
Use a constant trust anchor shared across all services to reduce maintenance
Implementing short-lived credentials with active revocation mechanisms ensures compromised tokens are invalidated immediately. Long-lived or static trust configurations pose security risks by continuing to trust outdated credentials. Shared or universal accounts undermine individual accountability, and storing legacy data without enforcement does not mitigate real-time credential misuse.