Rate limits for MFA factors

lihua.zhang · August 30, 2023, 11:53pm

Problem statement

What are the rate limits for failed attempts with the following MFA factors?

SMS: Auth0 limits a single user to send up to 10 SMS or voice messages per hour. (The burst rate is 10, but only 1 voice message per hour will be sent for new requests.)
OTP: The rate limit for OTP is also 10 attempts per hour.
For Push Notifications, the rate limit is: burst rate starts at 5, and we add 5 more per minute (e.g. 1 every 12 seconds).
For Email MFA, the rate limit is: burst rate starts at 20, and we add 1 more per minute.

Topic		Replies	Views
Number of times you can resend code in MFA Help mfa	1	2024	July 25, 2022
Change/Reset MFA Rate limit on SMS/Voice messages Feedback	1	1578	February 15, 2023
MFA SMS rate limit Help mfa , mfa-sms	2	4003	August 16, 2019
MFA Limits for OTP - Login Fails with Error "Too many failed codes. Wait for some minutes before retrying" Knowledge Articles mfa-sms , otp-code	1	3455	March 1, 2023
MFA Free Plan Limit Help mfa	4	4574	March 4, 2021