Dead Man's Switch
Dead Man's Switch is a security mechanism that automatically triggers a protective action (like key revocation) when a condition is not met within a specified time period.
Why It Matters
When employees leave suddenly or contractors go AWOL, their access can persist indefinitely. A dead man's switch ensures that credentials are automatically revoked if not actively maintained, closing the gap that manual offboarding often misses.
How It Works
A timer is set on a credential or access grant. The authorized user must periodically "check in" (re-authenticate, renew the token, confirm continued need). If the check-in doesn't happen within the window, the system automatically revokes access.
Best Practices
- Set check-in periods based on the sensitivity of the access
- Notify users before automatic revocation
- Make renewal easy to avoid unnecessary disruptions
- Log all automatic revocation events for audit trails
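The check-in timer from "How It Works", combined with the warning and audit-log practices above, can be sketched as follows. This is an added example, not ShieldKey's code or API; the `Grant` and `DeadMansSwitch` names, their fields and the event labels are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Grant:
    owner: str
    window: timedelta        # check-in period, sized to the access's sensitivity
    warn_before: timedelta   # how long before the deadline to notify the owner
    last_checkin: datetime
    revoked: bool = False
    warned: bool = False

class DeadMansSwitch:
    def __init__(self):
        self.grants = {}     # grant_id -> Grant
        self.audit = []      # (time, event, grant_id) tuples, append-only

    def add(self, grant_id, grant):
        self.grants[grant_id] = grant

    def is_active(self, grant_id, now):
        # Enforced at use time, so a stalled sweep job cannot leave access open.
        g = self.grants[grant_id]
        return not g.revoked and now < g.last_checkin + g.window

    def _revoke(self, grant_id, now):
        self.grants[grant_id].revoked = True
        self.audit.append((now, "auto_revoke", grant_id))

    def check_in(self, grant_id, now):
        # A check-in after the deadline does not revive the grant.
        if not self.is_active(grant_id, now):
            if not self.grants[grant_id].revoked:
                self._revoke(grant_id, now)
            return False
        g = self.grants[grant_id]
        g.last_checkin, g.warned = now, False
        self.audit.append((now, "checkin", grant_id))
        return True

    def sweep(self, now):
        # Periodic job: warn once inside the warning window, revoke at the deadline.
        revoked = []
        for gid, g in self.grants.items():
            deadline = g.last_checkin + g.window
            if not g.revoked and now >= deadline:
                self._revoke(gid, now)
                revoked.append(gid)
            elif not g.revoked and not g.warned and now >= deadline - g.warn_before:
                g.warned = True
                self.audit.append((now, "warn", gid))
        return revoked
```

Calling `is_active` on every use of the credential makes the deadline fail closed even if the periodic `sweep` job is delayed; `sweep` exists to send the warning and to record the revocation in the audit trail.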
Common Mistakes
- Setting the timer too long to be effective
- Not notifying the user, causing surprise access loss
- Making renewal so cumbersome that users work around it
How ShieldKey Helps
ShieldKey supports token expiration and can be configured to automatically disable Shield Tokens that haven't been used within a defined period, acting as a dead man's switch for API access.
FAQ
What is a dead man's switch in security?
A dead man's switch automatically revokes access or triggers a security action when a user fails to check in within a set timeframe. It prevents stale credentials from persisting after someone leaves.