Hey, we’re building a custom registration screen for Customers which includes an SMS verification. We would like to prevent brute force attempts to guess SMS OTP codes. Does anyone know I there is an upper limit to the maximum SMS verification attempts for a user and if this can be set somewhere?
Would the “Lock out user after 5 unsuccessful attempts” setting be applied for failed SMS attempts?
Thanks!