Is there a way to introduce a hard limit on the number of password attempts in the new Forms OTP flow? We would like a solution where after 10 incorrect OTP attempts the user is forced to send a new OTP to their email. In Forms, the OTP generation only allows configuring the length of the code, and we haven’t found any way to count attempts within the Form itself.
Alternatively, is there a way to customize the error message “Too many beats” that occurs when a user inputs too many attempts in a short period of time? This wouldn’t be our ideal solution, but would improve user experience considerably. I’ve seen nowhere to customize this in either the Forms “messages”, the app’s “Branding” or anywhere through the API.
Thank you for reaching out to us!
At this moment there is no option of counting or setting a limit to the number of incorrect OTP attempts within Forms, and you are correct that 10 is a hard limit, after which a new OTP needs to be generated. This is in line with the current Rate Limits; you can find more details in our Knowledge Article.
If you want, you could create a Feedback request asking to implement the possibility of a count or limit of the incorrect OTP attempts.
The feedback request includes a voting system where feedback requests with higher votes have higher implementation priority.