• Protection against session hijacking through re-authentication

    In short

    If an active session is compromised, for example through cookie hijacking, re-authentication for critical actions prevents an attacker from making far-reaching changes. You can freely define the actions for which re-authentication should be required, for example:

    • Starting and pausing experiments
    • Changes to variants
    • Archiving experiments
    • Changes to page targeting
    • Changes to audience targeting

    You can also configure how long a one-off confirmation remains valid, from a prompt for each individual action to a freely selectable interval such as 30 minutes or several hours, and whether the password, a second factor (MFA) or both are required for confirmation.
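
The policy described above can be modelled as a server-side check that runs before every critical action. This is an added illustration, not the product's own code; the action identifiers, class names and the 120-second grace period for per-action prompts are assumptions.

```python
from dataclasses import dataclass, field

# Hypothetical action identifiers mirroring the list above (not the product's names).
CRITICAL_ACTIONS = frozenset({
    "experiment.start", "experiment.pause", "experiment.archive",
    "variant.change", "page_targeting.change", "audience_targeting.change",
})
PER_ACTION_GRACE = 120  # assumed: seconds a one-off confirmation stays usable


@dataclass(frozen=True)
class ReauthPolicy:
    window_seconds: int                     # 0 = prompt for every action
    factors: frozenset                      # {"password"}, {"mfa"} or both
    actions: frozenset = CRITICAL_ACTIONS


@dataclass
class Session:
    # Server-side state: factor -> time of last successful confirmation.
    confirmed_at: dict = field(default_factory=dict)

    def confirm(self, factor: str, now: float) -> None:
        """Record a confirmation after the factor was verified elsewhere."""
        self.confirmed_at[factor] = now


def authorize(policy: ReauthPolicy, session: Session, action: str, now: float) -> set:
    """Return the factors still required; an empty set means the action may run."""
    if action not in policy.actions:
        return set()                        # non-critical: the session alone suffices
    window = policy.window_seconds or PER_ACTION_GRACE
    missing = set()
    for factor in policy.factors:
        ts = session.confirmed_at.get(factor)
        if ts is None or not (0 <= now - ts < window):
            missing.add(factor)
    if not missing and policy.window_seconds == 0:
        for factor in policy.factors:       # one-off: consume the confirmation
            del session.confirmed_at[factor]
    return missing


# Constructed scenario: 30-minute window, password and MFA both required.
policy = ReauthPolicy(window_seconds=30 * 60, factors=frozenset({"password", "mfa"}))
hijacked = Session()                        # valid cookie, but no fresh confirmation
print(authorize(policy, hijacked, "experiment.archive", now=1000.0))
```

Because the confirmation timestamps live in server-side session state rather than in the cookie, a stolen cookie without a recent confirmation cannot pass the check.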
