How do you best handle authentication in high-security environments (ie. with PCI or HIPAA compliance issues) while still enabling people to get work done?<p>Consider this situation:
Zero-trust network (via Cloudflare) where the endpoint computer is specifically registered and managed.<p>Different customers and dev environments live on completely separate systems in multiple clouds; connecting to each one requires connecting through RDP through bastion via browser, or in some cases first connecting to a bastion host and then RDP again to the final destination, both requiring a password + either DUO confirmation or yubikey with PIN entry.<p>Logins timeout after 15 minutes of inactivity. This happens quite frequently (>10 times per day), because one may switch focus between remote systems or between a remote system and the local machine (to look at email, browse the web, work in Office, have a meeting etc.)<p>Assuming that policies for authentication timeouts cannot be changed (they seem to be driven by third-party 'standards'), the only solution I can imagine is to have biometric authentication that could automatically handle at least re-authentication requests without any user intervention (and before actually locking any computers).<p>This ought to be able to be be done either through FaceID on laptop itself, or even with a standalone device with its own camera or 3d face scanner. But the critical thing is that it should happen passively, after an initial (daily) login.<p>How does this not exist? Or how else can this be solved?