Hi @alawless !

Yes, the 2-factor authentication also expires when the user provides the wrong information. In some scenarios, it’s even possible to configure the number of wrong attempts before the envelope is locked.

Let me know if I answered your question!

Hi Vinicius, 

Thank you very much for your response. This is good to know, can i just clarify does the 2FA also have a time-limit expiry or does it only expire when the wrong info is entered?

Thanks

Hi @alawless !

The 2FA validity time expires when access to the envelope also expires, that is, 5 accesses through the same link or 48 hours.

Hi Vinicius

I understand - final question I promise (!) when clicking the expired email link to generate a new link, will a new 2FA link also be sent (provided the info hasn’t been entered incorrectly at all, the user has just simply not been able to access the device with the 2FA link yet?)

No problem @alawless , and I'm happy to help!

The entire process will restart. I don't know exactly which type of authentication you are referring to, as there are several (such as SMS, Phone, document validation, among others), but these will only be started when the user clicks the button to send the code/validation.

Here I have an article that shows how SMS validation works, showing that the code is only sent after the user confirms that they want to receive it via cell phone: The Recipient Phone Authentication Experience

If you have other questions, let me know!