- Vault timeout and action should require the user to enter their password/pin or use biometrics when making the change.
- While a user’s application may lock/log out after a period of time, there is nothing preventing an intruder from accessing these setting and changing them while the app is still unlocked so that the application remains unlocked indefinitely.
1 Like