Customize the MFA Retry Limit

EmpowerID offers a configuration setting that allows you to control the maximum number of attempts users have when entering an incorrect passcode while using Device Registration, OATH tokens, or EmpowerID One-Time Passwords as authentication methods (MFA Types). By default, the setting permits users a maximum of three attempts. If users surpass the retry limit, EmpowerID redirects them to the login page.

You can choose to maintain the default setting or modify it according to your organization's needs. This article provides guidance on how to make these adjustments.

It is important to note that modifying this setting can impact the security of your organization's login process. If you allow a higher number of attempts, it increases the risk of unauthorized access attempts. Conversely, if you set the number of attempts too low, it may cause frustration for users who struggle to enter their passcodes correctly within the limit.

Therefore, it is crucial to strike a balance between security and user experience by setting a reasonable number of attempts based on your organization's risk tolerance and the complexity of the authentication methods used.

To customize MFA Retry Limits

Expand Infrastructure Admin > EmpowerID Servers and Settings on the navbar and click EmpowerID System Settings.
On the EmpowerID System Settings page, search for EidMultiFactorRetryLimit and then click the Edit button for the setting. Edit buttons have the Pencil icon.
In the General pane that appears, enter the desired retry limit in the Value field and then click Save. Do not change the Name of the setting.