Define out of band token lifespan

Define out of band token lifespan

Summary

The system must expire out of band authentication requests, codes or tokens after 10 minutes and should only allow them to be used once within this period.

Description

Secure out of band authenticators are physical devices that can communicate with an authentication verifier over a secure secondary channel. They serve as an additional security measure for identity assertion during authentication processes or sensitive transactions. Systems should expire out of band tokens after 10 minutes and allow them to be used only once within this period to prevent replay attacks.

Supported In

This requirement is verified in following services

Plan Supported
Essential 🔴
Advanced 🟢

References

Vulnerabilities

Free trial message
Free trial
Search for vulnerabilities in your apps for free with Fluid Attacks' automated security testing! Start your 21-day free trial and discover the benefits of the Continuous Hacking Essential plan. If you prefer the Advanced plan, which includes the expertise of Fluid Attacks' hacking team, fill out this contact form.