How long should a multifactor authentication PIN be active for, via email or sms?

by UX-Indy   Last Updated December 05, 2018 22:16 PM

We are setting up Multifactor authentication for a Single Sign On project. Anytime a new device is detected, a PIN is sent to their email or sms (user chooses). How long do you suggest this PIN be valid till? It is set to 5mins right now. Is that enough time?

Tags : security


Related Questions


Updated July 09, 2015 13:07 PM

Updated March 31, 2016 08:06 AM

Updated July 09, 2016 08:06 AM

Updated September 01, 2017 18:16 PM

Updated June 06, 2017 01:16 AM