Stores identity confirmation details for users. If the cookie isn’t set or it expires, users must repeat the identity confirmation process the next time that they log in. Identity confirmation requires a verification method such as SMS, an authenticator app, or a security key.