To ensure the security of Email-Based MFAs (Muti-Factor Authentication), the One-Time Password (OTP) that will be sent to the employees has a specific validity period. Users would have 3 attempts to use an OTP within the set period of 5 minutes. When this set period is reached, the OTP expires and with this, users will be unable to login to their Sprout HR account using the expired OTP.
You can also generate a new OTP when the last OTP has expired. To know more, you may view our article here: Email-Based MFAs: Requesting of OTP
There are instances wherein an incorrect OTP is placed in the login page. Most of the time, this occurs if there are multiple OTPs requested that are received simultaneously. Have you ever wondered what would happen if an incorrect OTP is inputted in the OTP field? Keep on reading to know more!
1st attempt with an incorrect OTP
When you specify an incorrect OTP on your first attempt, a message is displayed indicating it is an invalid OTP and that you have 2 attempts remaining before your account gets locked.
2nd attempt with an incorrect OTP
When you specify an incorrect OTP on your second attempt, a message is displayed indicating it is an invalid OTP and that you have 1 attempt remaining before your account gets locked. CAPTCHA is also displayed and required.
3rd attempt with an incorrect OTP
When you specified an incorrect OTP on your 3rd attempt, the account is locked and a message is displayed indicating that you need to contact your administrator.
If you try to log in again, the Access Denied page will be displayed.
With this, you may coordinate with your HR administrator to unlock your account. Here's an article that may help: Security feature: Account lockout with CAPTCHA
Related Articles:
Should you wish to enable this feature, you may reach out to your Customer Success Manager or fill out our Change Request Form. I hope this helps!
Comments
0 comments
Article is closed for comments.