If you do not switch on blacklisting, and don't implement it by yourself, we recommend keeping the access token's lifetime as short as you possible. To change it, see: https://supertokens.io/docs/session/common-customizations/sessions/change-session-timeout