What authentication method involves a hard timeout?

A fixed duration session is characterized by a hard timeout, which means that the duration of the session is predetermined and will expire after a set period, regardless of user activity. This method is particularly useful for enhancing security by ensuring that sessions do not remain active indefinitely.

Once the fixed duration elapses, the session is automatically terminated, requiring the user to authenticate again to re-establish access. This timeout mechanism helps mitigate risks associated with inactive sessions, such as unauthorized access through session hijacking or exploitation of forgotten active sessions.

In contrast, options that depend on user activity or packet flow do not employ a strict timeout based solely on the elapsed time, as they may extend the session based on ongoing user interactions or communications. Dynamic session creation involves sessions that may adapt or change based on certain conditions rather than being bound to a specific time constraint. Therefore, a fixed duration session stands out as the method that explicitly includes a hard timeout, ensuring predictable session management in network security practices.