diff --git a/CHANGELOG.md b/CHANGELOG.md
index f1d0211..a953554 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,7 @@
 ## New version
+* Remove dependency on redis / kredis for sudoable
+
 ## Authentication Zero 4.0.1 ##
 * Remove rate limit from api generator
diff --git a/lib/generators/authentication/authentication_generator.rb b/lib/generators/authentication/authentication_generator.rb
index 94af25d..f110d15 100644
--- a/lib/generators/authentication/authentication_generator.rb
+++ b/lib/generators/authentication/authentication_generator.rb
@@ -28,7 +28,6 @@ def add_gems
 if redis?
 gem "redis", "~> 4.0", comment: "Use Redis adapter to run additional authentication features"
- gem "kredis", comment: "Use Kredis to get higher-level data types in Redis [https://github.com/rails/kredis]"
 end
 if options.pwned?
@@ -259,7 +258,7 @@ def sudoable?
 end
 def redis?
- options.ratelimit? || sudoable?
+ options.ratelimit?
 end
 def importmaps?
diff --git a/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt b/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
index eeede4b..ed235e6 100644
--- a/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
+++ b/lib/generators/authentication/templates/controllers/html/sessions/sudos_controller.rb.tt
@@ -6,7 +6,7 @@ class Sessions::SudosController < ApplicationController
 session_record = Current.session
 if session_record.user.authenticate(params[:password])
- session_record.sudo.mark; redirect_to(params[:proceed_to_url])
+ session_record.touch(:sudo_at); redirect_to(params[:proceed_to_url])
 else
 redirect_to new_sessions_sudo_path(proceed_to_url: params[:proceed_to_url]), alert: "The password you entered is incorrect"
 end
diff --git a/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt b/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
index 187c576..c1a1bd7 100644
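Review bot: In the Sessions::SudosController hunk, the new line still passes `params[:proceed_to_url]` straight to `redirect_to`, so the destination after a successful password check is controlled by the request. Whether Rails rejects an off-site value depends on the host application's open-redirect configuration, which this diff does not show. Constraining it in the template makes the generated controller safe either way, for example `session_record.touch(:sudo_at); redirect_to(params[:proceed_to_url], allow_other_host: false)`. The return value of `touch` is ignored, which looks acceptable because a session whose `sudo_at` was not updated would still fail the `sudo?` check. The controller action begins and ends outside the hunk.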
--- a/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
+++ b/lib/generators/authentication/templates/migrations/create_sessions_migration.rb.tt
@@ -4,6 +4,9 @@ class <%= migration_class_name %> < ActiveRecord::Migration[<%= ActiveRecord::Mi
 t.references :user, null: false, foreign_key: true
 t.string :user_agent
 t.string :ip_address
+ <%- if sudoable? %>
+ t.datetime :sudo_at, null: false
+ <%- end -%>
 t.timestamps
 end
diff --git a/lib/generators/authentication/templates/models/session.rb.tt b/lib/generators/authentication/templates/models/session.rb.tt
index b749f87..c39dcf8 100644
--- a/lib/generators/authentication/templates/models/session.rb.tt
+++ b/lib/generators/authentication/templates/models/session.rb.tt
@@ -1,18 +1,21 @@
 class Session < ApplicationRecord
 belongs_to :user
- <%- if sudoable? %>
- kredis_flag :sudo, expires_in: 30.minutes
- <%- end -%>
 before_create do
 self.user_agent = Current.user_agent
 self.ip_address = Current.ip_address
+ <%- if sudoable? %>
+ self.sudo_at = Time.current
+ <%- end -%>
 end
- <%- if sudoable? %>
- after_create { sudo.mark }
- <%- end -%>
 <%- if options.trackable? %>
 after_create { user.events.create! action: "signed_in" }
 after_destroy { user.events.create! action: "signed_out" }
 <%- end -%>
+ <%- if sudoable? %>
+
+ def sudo?
+ sudo_at > 30.minutes.ago
+ end
+ <%- end -%>
 end
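Review bot: `sudo?` in the session.rb.tt hunk compares `sudo_at` directly, so it raises NoMethodError instead of returning false whenever `sudo_at` is nil, for example on a Session that has not been saved yet (the value is only assigned in `before_create`). A privilege check should fail closed: `sudo_at.present? && sudo_at > 30.minutes.ago`. The `null: false` column is added only to the create-sessions migration template in this commit, so applications whose sessions table was generated earlier would presumably need their own migration, which deserves a line in the changelog entry. A short comment above `sudo?` would also help, stating that the 30-minute window starts at sign-in and restarts on each successful password re-entry.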