To prevent multiple access tokens being minted for the same user and to save them from having to perform 2FA at every sign in to their computer, we should allow a user to sign in with just their password when using GCPW (like a normal Windows sign in) if their access token is still valid.