How long should a multifactor authentication PIN be active for, via email or SMS?
We are setting up multifactor authentication for a Single Sign On project. Anytime a new device is detected, a PIN is sent to the user's email or SMS (user chooses). How long do you suggest this PIN be valid for? It is set to 5 minutes right now. Is that enough time?
Added this: Also, the system currently has it where the 'resend pin' button is available for only those 5 minutes. If the user doesn't enter the PIN or 'resends pin', he is redirected back to login. Is that right?
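
The flow described in the question, as an added example that is not part of the original post or the poster's system: a challenge with a 5-minute deadline where both entering the PIN and resending it are refused once the window closes. The class name, the return strings, the 6-digit PIN length, and the choice that a resend replaces the PIN without extending the deadline are all assumptions.

```python
import hmac
import secrets
import time

PIN_TTL_SECONDS = 5 * 60  # the 5-minute window from the question


class PinChallenge:
    """One new-device challenge; state is 'pending', 'verified' or 'expired'."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock  # injectable so expiry can be tested without sleeping
        self.deadline = clock() + PIN_TTL_SECONDS
        self.state = "pending"
        self._pin = self._new_pin()

    @staticmethod
    def _new_pin():
        # Assumption: 6 digits; the question does not state the PIN length.
        return f"{secrets.randbelow(10**6):06d}"

    def _expire_if_due(self):
        if self.state == "pending" and self._clock() >= self.deadline:
            self.state = "expired"
            self._pin = None  # an expired PIN can never match again

    def current_pin(self):
        """PIN to pass to the email/SMS sender (delivery itself is not shown)."""
        self._expire_if_due()
        return self._pin

    def resend(self):
        """Issue a fresh PIN; only allowed inside the original window."""
        self._expire_if_due()
        if self.state != "pending":
            return "redirect_to_login"
        # Assumption: resend replaces the old PIN and keeps the same deadline.
        self._pin = self._new_pin()
        return "pin_sent"

    def verify(self, submitted):
        self._expire_if_due()
        if self.state != "pending":
            return "redirect_to_login"
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(submitted.encode(), self._pin.encode()):
            self.state, self._pin = "verified", None  # single use
            return "verified"
        return "wrong_pin"
```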