I have configured Google authenticator as an MFA factor and it is working fine. But I have found that even the code is expired/refreshed on my Google authenticator app, I am able to use the old code to log in successfully. As per my understanding, code should expire in 30 seconds but even after 30 seconds, I can use the code and login successfully.
I was wondering when does this code actually expire? Is there any setting on the OKTA side to accept old codes?