The password grace period feature keeps track of the last time the user entered their password in the session, and does not require them to reenter their password for account modifications if they recently entered it correctly.
If you would like to provide extra security before certain routes, you can use the confirm password feature to require users to reenter their password if they haven't entered it recently:
By default, this does not redirect if the session has been authenticated via password, but with the password_grace_period feature, it also redirects if the password has not been entered recently.
The session key in which to store the last password entry time.
The number of seconds after a password entry until password reentry is required, 300 by default (5 minutes).
Whether the password has last been entered within the grace period.
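
The grace period check described above, modelled as an added stand-alone Ruby example; it is not Rodauth's code, and the class, method and session key names are hypothetical. Only the 300-second default comes from the text; treating a timestamp in the future as not recent is this model's own choice.

```ruby
# Stand-alone model of a password grace period check (not Rodauth's code).
# All names are hypothetical; only the 300-second default is from the page.
class GracePeriodModel
  DEFAULT_GRACE_PERIOD = 300 # seconds

  def initialize(session, grace_period: DEFAULT_GRACE_PERIOD,
                 session_key: "last_password_entry", clock: -> { Time.now.to_i })
    @session = session
    @grace_period = grace_period
    @session_key = session_key
    @clock = clock
  end

  # Call only after the submitted password has been verified as correct.
  def record_password_entry
    @session[@session_key] = @clock.call
  end

  # True only if an entry time is stored and falls within the grace period.
  def password_recently_entered?
    entered_at = @session[@session_key]
    return false unless entered_at.is_a?(Integer)
    age = @clock.call - entered_at
    # Model's choice: a future timestamp (negative age) is not "recent".
    age >= 0 && age < @grace_period
  end

  # Guard for a sensitive route: the action the application should take.
  def guard(authenticated_via_password:)
    return :proceed if authenticated_via_password && password_recently_entered?
    :redirect_to_confirm_password
  end
end

# Constructed walk-through with a fake clock so the result is deterministic.
def grace_period_demo
  now = 1_000_000
  model = GracePeriodModel.new({}, clock: -> { now })
  results = []
  results << model.guard(authenticated_via_password: true) # no entry time yet
  model.record_password_entry
  now += 299
  results << model.guard(authenticated_via_password: true) # inside the period
  now += 1
  results << model.guard(authenticated_via_password: true) # 300s elapsed
  model.record_password_entry                              # user confirms again
  results << model.guard(authenticated_via_password: true)
  results
end
```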