The reason for one-time is simple, it minimizes the exposure of the automated system from abuse by rogue agents. The use of one-time authorization codes means they can only use it once.
As for the time the elevated privilege lasts would depend on the system. The assumption I am working from and what seems to be the question is that access to the automated system is restricted for a reason. Maybe it contains code books, restricted materials or so on. The time should be long enough for a legitimate need for elevated access to do what needs to be done or for someone of sufficient access to arrive and take control of the facility. It should not be so long that someone can abuse the system for nefarious purposes. That should be different for different assets so protected.
|