Users are increasingly performing tasks using remote computing resources, often referred to as part of “the cloud.” This has many advantages, as users do not have to purchase and maintain dedicated hardware and software, and instead can pay for only those resources that are needed at any given time, where those resources typically will be managed by a resource provider. Because a resource provider will often provide resource access to many different users, various types of credentials can be used to authenticate a source of the request, as well as to demonstrate that the source is authorized to access a resource to perform a task. These credentials can potentially be obtained by unintended third parties, who can gain unauthorized access to the resource environment, as well as the data and content stored therein. In order to minimize this potential problem, credentials can be given a limited lifetime such that any third party obtaining the credentials will only be able to use those credentials for their remaining lifetime. There is a tension in such an approach, however, as it is desirable to make the lifetime as short as possible to minimize the amount of time an unauthorized party obtaining the credentials can use them, but frequently having to obtain new credentials can be undesirable to a user, particularly when used for long tasks that may be difficult to complete if the credentials expire during the task.