Change/Reset MFA Rate limit on SMS/Voice messages

Feature: Change/Reset MFA Rate limit on SMS/Voice messages

Description:

Auth0 enforces 10 SMS per hour rate limit for brute force attacks (even when using a paid sms provider account).
Under certain circumstances our users are hitting this limit occasionally.
Reasons when this happens are different and it could be that the issue can be on the SMS provider side, the phone provider of the user or a combination of company’s custom user registration/authentication process which uses MFA SMS messages on each steps for security reasons.

Our IT and Business has the requirement that this rate limit can be increased per tenant.
Another option would be fine if we can reset the counter for the specific user to allow resending sms and not waiting 1 hour to get another 1 chance receiving the sms.

References:

Use-case:
User is not blocked and needs to wait 1 hour to get another chance to login.
Auth0 probably not knows if SMS really has been arrived at users phone but is limit the user and the process.

Hey there!

Thanks for creating this feedback card! Make sure to upvote it so it’s gonna attract as many community members as possible. We review those feedback cards on a monthly basis and will get back to you as soon as we have more updates on this front!

1 Like