Maximum sms verification attempts threshold

Hey, we’re building a custom registration screen for Customers which includes an SMS verification. We would like to prevent brute force attempts to guess SMS OTP codes. Does anyone know I there is an upper limit to the maximum SMS verification attempts for a user and if this can be set somewhere?

Would the “Lock out user after 5 unsuccessful attempts” setting be applied for failed SMS attempts?

Thanks!

Yes, you’re correct.

1 Like