Minimize one-time out-of-band verifier lifetime duration [Updated in Security Center 1.3]

  • Release version: Yokohama
  • Updated January 30, 2025
  • Manage the time duration for out-of-band verifiers.

    An out-of-band verifier is an alternative delivery method for one-time codes, used in situations such as resetting a multi-factor token. If administrators enable this method in the Multi-factor authentication plugin, the one-time code is delivered by email. Set one-time out-of-band verifiers to expire after 10 minutes to limit the validity window. A larger time window allows more time for the code to be compromised through illicit means such as phishing, social engineering, or shoulder-surfing attacks.

    More information

    | Attribute | Description |
    | --- | --- |
    | Configuration name | glide.multifactor.onetime.code.validity |
    | Configuration type | System Properties (/sys_properties_list.do) |
    | Data type | integer |
    | Recommended value | 10 |
    | Default value | 10 |
    | Category | Authentication |
    | Security risk | Severity score: 3.9; CVSS score: Low; Security risk details: Set one-time out-of-band verifiers to expire after 10 minutes. Anything longer increases the risk of the code being compromised by a bad actor. |
    | Dependencies and prerequisites | Multi-factor authentication |
    | References | Multi-factor authentication criteria |
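
    The following audit check is an added example, not code from this documentation or from the platform. It evaluates glide.multifactor.onetime.code.validity from an exported list of system properties. Assumptions: the export is JSON shaped like {"result": [{"name", "value"}]}, the value is in minutes as the text above implies, and the function name and sample data are constructed for illustration.

```javascript
// Added example: audit the one-time out-of-band verifier lifetime from a
// system properties export. The JSON shape is an assumption; samples are constructed.
const PROPERTY = 'glide.multifactor.onetime.code.validity';
const RECOMMENDED_MINUTES = 10; // recommended and default value per the table above

function auditVerifierLifetime(exportJson) {
  const rows = (JSON.parse(exportJson).result || [])
    .filter((r) => r.name === PROPERTY);

  // No explicit record: the documented default (10) applies.
  if (rows.length === 0) {
    return { status: 'PASS', minutes: RECOMMENDED_MINUTES, reason: 'not set; default applies' };
  }
  const raw = String(rows[0].value).trim();
  // The documented data type is integer; anything else is a misconfiguration.
  if (!/^-?\d+$/.test(raw)) {
    return { status: 'REVIEW', minutes: null, reason: `non-integer value "${raw}"` };
  }
  const minutes = Number(raw);
  if (minutes <= 0) {
    // The page does not define zero or negative values, so flag instead of guessing.
    return { status: 'REVIEW', minutes, reason: 'zero or negative lifetime' };
  }
  if (minutes > RECOMMENDED_MINUTES) {
    return { status: 'FAIL', minutes, reason: `exceeds ${RECOMMENDED_MINUTES}-minute window` };
  }
  return { status: 'PASS', minutes, reason: 'within recommended window' };
}

// Constructed sample exports, one per case.
const samples = {
  hardened: '{"result":[{"name":"glide.multifactor.onetime.code.validity","value":"10"}]}',
  weak: '{"result":[{"name":"glide.multifactor.onetime.code.validity","value":"60"}]}',
  unset: '{"result":[{"name":"x_example.other.property","value":"30"}]}',
  garbled: '{"result":[{"name":"glide.multifactor.onetime.code.validity","value":"10m"}]}',
};

for (const [label, json] of Object.entries(samples)) {
  const r = auditVerifierLifetime(json);
  console.log(`${label}: ${r.status} (${r.reason})`);
}
```

    A REVIEW result means the stored value is outside what this page defines, so it needs a manual look before being treated as compliant.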