Error: Invalid Captcha after Resending an OTP Code

auth0.knowledge2 · March 7, 2025, 4:12pm

Overview

This article explains why users receive the following error after an end-user tries to receive multiple One-Time Password (OTP) codes and whether there is a way to resend the OTP with the same captcha value.

Error: Invalid Captcha

Applies To

Custom Login Page
Passwordless CAPTCHA Flow
One-Time Password (OTP) Multi-Factor Authentication (MFA)

Solution

This behavior is intentional and designed for security purposes.

Making the resend OTP code process seamless by not requiring users to solve the Captcha value again will effectively give attackers an unlimited number of code tries.
An attacker can solve the Captcha once and try an unlimited number of times to resend and try the code.

Topic		Replies	Views
Captcha shows invalid captcha error after entering correct code Get Help login-experience , new-universal-login-experience	3	22282	May 15, 2024
Wrong Attempts count and resend the OTP Get Help	2	1664	February 3, 2025
Why custom text for MFA screen mfa-otp-challenge doesn't have custom error message? Get Help mfa , mfa-api	4	32	November 7, 2024
Is it possible to Resend OTP pin Get Help	4	3473	January 9, 2020
How to resend OTP code to mail using MFA widget javascript Get Help mfa , one-time-password-otp-factor	1	712	January 9, 2024

Error: Invalid Captcha after Resending an OTP Code

Overview

Applies To

Solution

Related topics