Maximize reset password SMS pause window duration [Updated in Security Center 1.3]

  • Release version: Zurich
  • Updated July 31, 2025
  • Manage the time duration in minutes that a user must wait before they can request a new password reset code.

    If this property is not set to the recommended value of 2 minutes or more, a malicious user could request many password reset codes in a brief window of time. This increases the chance of a bad actor predicting the SMS reset code.

    More information

    Attribute | Description
    Configuration name | password_reset.sms.pause_window
    Configuration type | System Properties (/sys_properties_list.do)
    Data type | integer
    Recommended value | 2
    Default value | 2
    Category | Authentication
    Security risk | Severity score: 4.8; CVSS score: Medium; Security risk details: Ensure that password_reset.sms.pause_window is set to a value of 2 or more.
    Dependencies and prerequisites | None
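
The check in the security risk details, written out as an added example (not ServiceNow code). The function name `auditPauseWindow`, the result fields, and the sample values are hypothetical; treating an unset property as the documented default of 2, and treating the pause window as the only throttle when estimating codes per hour, are assumptions.

```javascript
// Added example: audit of password_reset.sms.pause_window (not ServiceNow code).
const PROPERTY = 'password_reset.sms.pause_window';
const RECOMMENDED_MIN = 2; // minutes, recommended value from this page
const DEFAULT_VALUE = 2;   // minutes, default value from this page

// Builds the finding. maxCodesPerHour is the upper bound on reset codes one
// requester can trigger in 60 minutes if the pause window is the only limit.
function result(status, minutes, reason) {
  let maxCodesPerHour = null;
  if (minutes !== null) {
    maxCodesPerHour = minutes > 0 ? Math.ceil(60 / minutes) : Infinity;
  }
  return { property: PROPERTY, status, minutes, maxCodesPerHour, reason };
}

// rawValue: the stored property value (string), or undefined/null when unset.
// On an instance it could be read server-side with gs.getProperty(PROPERTY).
function auditPauseWindow(rawValue) {
  if (rawValue === undefined || rawValue === null || String(rawValue).trim() === '') {
    // Assumption: an unset property behaves like the documented default.
    return result('pass', DEFAULT_VALUE, 'unset, documented default assumed');
  }
  const text = String(rawValue).trim();
  if (!/^-?\d+$/.test(text)) {
    // Data type is integer; anything else cannot be trusted to throttle.
    return result('fail', null, 'value is not an integer');
  }
  const minutes = parseInt(text, 10);
  if (minutes < RECOMMENDED_MIN) {
    return result('fail', minutes, 'below recommended minimum of 2 minutes');
  }
  return result('pass', minutes, 'meets recommended minimum');
}

// Constructed sample values, as they might appear in a property export.
function auditSamples() {
  return ['2', ' 10 ', '1', '0', 'two', undefined].map(auditPauseWindow);
}

console.table(auditSamples());
```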