Sprout's main objective is to keep all Employee Profile Data secured from unknown and illegal access. As such, we have placed safety measures wherein users will be allowed to use a One Time Password for 3 times only within the set period of 5 minutes. When the time limit has passed, the OTP will expire and can no longer be used.
Note: The 5-minute period of OTP usage is not configurable as of the moment.
No worries, in case the OTP expires, users can generate a new one. Here's how: SMS-Based MFAs: Requesting a New OTP
Now, if you are wondering what could possibly happen in case the user encodes the incorrect OTP, this article will let you know. Continue reading to know more!
1st attempt with an incorrect OTP: When users specify an incorrect OTP on their first attempt, a message is displayed indicating it is an invalid OTP and that they have 2 attempts remaining before their account gets locked.
2nd attempt with an incorrect OTP: Once the incorrect OTP is inputted again, a pop-up will show to notify the user that he only has 1 remaining trial left before his account gets locked.
3rd attempt with an incorrect OTP: On the third incorrect attempt, the user will be notified that his Sprout HR Account is already locked. 
And, if the user will try to log in again, the Access Denied page will be displayed. Once this happens, users should only follow the steps in our Account Unlocking Article in order for their accounts to be unlocked. Here's how: Security feature: Account lockout with CAPTCHA
Related Articles:
Should you wish to enable this feature, you may reach out to your Customer Success Manager or fill out our Change Request Form. I hope this helps!
Comments
0 comments
Article is closed for comments.