Brute force protection in mfa code page

We have enabled MFA for a users using authenticator apps like Guardian etc.
Is there a way to limit the number times an incorrect code is entered in auth0?

Hey there!

Not sure about that but let me research that and get back to you soon with the news!

From what I tested, the mfa code page seems to accept unlimited number of retries, but after 10 attempts it does not even accept the correct code.
I need some sort of document reference to the same if possible

Hey there!

Sorry for the delay in response but I wasn’t able to find anything in our docs regarding customising that. What I would suggest is to file in a feature request using our product feedback form here: