1 post
MFA, passkeys, and trusted IP authenticate the login moment. They do not extend to the session, the token, or the actions that follow.
