A background process or database TTL index automatically invalidates or deletes the record after created_at + ttl_seconds . Redis is commonly used to model TTL passwords:
"user_id": "alice@example.com", "password_hash": "bcrypt...", "created_at": "2025-04-16T10:00:00Z", "ttl_seconds": 300, # 5 minutes "is_active": true ttl models password
| Threat | TTL Mitigation | Additional Requirement | |--------|----------------|------------------------| | Brute-force attack | No | Rate limiting, strong entropy | | Phishing | No | User education, MFA | | Man-in-the-middle | No | TLS encryption | | Replay (within TTL) | Partial | Nonce, request signing | A background process or database TTL index automatically