During testing of an application where are customers need to use MFA via SMS we have noticed that the SMS generated by auth0 and sent to our Twilio vendor has had the same SMS OTP number for the last 3 requests. Each request was at least 55 min apart.
is this a standard Auth0 process or can i set a configuration to ensure each number generated is unique?
regards
Paul
Hi @paul.a.stonehewer,
The MFA or second factor authetication is managed by the system. If you got same code multiple times then it may be by system. We can not update anything related to MFA code generation.
Hi Rashid
thanks for you comment, my question is, should the Auth0 system produce the same code three time in a row over a two hour period to the same device or mobile number? From a security perspective this is bad.
regards
paul
Well, this is not a expected behavior. Did you try this multiple time or just face it one time.
Hi Rashid
it happened multiple times. We are testing and it does happen often.
We have raised a ticket with Auth0 and waiting on the reply
regards
Paul
1 Like
If you raised a ticket you should be contacted by one of our developer support engineers shortly!