How long should a multifactor authentication PIN be active for, via email or sms?

by UX-Indy   Last Updated December 05, 2018 22:16 PM

We are setting up Multifactor authentication for a Single Sign On project. Anytime a new device is detected, a PIN is sent to their email or sms (user chooses). How long do you suggest this PIN be valid till? It is set to 5mins right now. Is that enough time?

Tags : security

Related Questions

Three Tools to automate Risk Assessment

Updated July 09, 2016 08:06 AM