What is the inactivity timeout for explicit captive portal?
I have to enter my credentials for explicit captive portal throughout the day
The amount of time seems like it varies
Why do I have to re-authenticate at various times?

The inactivity timeout for explicit captive portal is 15 minutes.  After June 28, 2013, the timeout value will increase to be 60 minutes (one hour).  So if a user doesn't browse the web for 15 minutes (60 minutes after June 28, 2013), that user will be prompted to reauthenticate.  The time limit may seem like it varies, but it is based on web traffic being intercepted and sent to the Cloud.

The 15 minute (60 minutes after June 28, 2013) timeout is enforced across the entire Threatpulse service and the timeout value is not configurable.