Email based MFA - not working for multiple users

Hi,

In the last 48 hours, 3 different users in my organisation who use email-based MFA codes are reporting that their MFA codes no longer work. Those of us using an authenticator app seem fine.

I am struggling to see where the problem might be, and the only thing I can think of is that the email-based TOTP codes are expiring before they use them - can anyone confirm the TTL on an email-based TOTP? I can see no clear email delivery delays, but if the TTL is very, very short like on the authenticator apps then I can see where this would be a problem, although one that’s only just reared its head.

Hello, and welcome to the community! I am not confirming the TTL, but I tried this out on my account just to see. Here is the data:

  1. After receiving the email and waiting for an additional 2 mins, the Bitwarden interface said the session had timed out.
  2. After receiving the email and waiting for an additional 1 min, Bitwarden accepted the code.
  3. After receiving the email and waiting for an additional 75 secs, the Bitwarden interface said the session had timed out.

So, just based on the observations above, probably around 1 min and some grace seconds. The only other interesting thing is that sometimes the email didn’t arrive and I had to hit the Resend the code link, but I didn’t time this.

1 Like
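One way to check the delivery-delay side of the question above, as an added example that is not part of either post and is not Bitwarden code: it reads the `Date` and `Received` headers of a saved code email and reports how long each mail hop took. The function name, the constructed sample headers and the 60-second default for `window_s` (a rough figure taken from the timing test in the reply, not a documented TTL) are assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: headers of an MFA code email as stored by the recipient's server.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
\tby mailstore.example.org with ESMTP id c3;
\tTue, 04 Mar 2025 10:01:35 +0000
Received: from filter.example.net (filter.example.net [198.51.100.7])
\tby mx.example.org with ESMTP id b2;
\tTue, 04 Mar 2025 10:01:30 +0000
Received: from sender.example.com (sender.example.com [203.0.113.5])
\tby filter.example.net with ESMTP id a1;
\tTue, 04 Mar 2025 10:00:08 +0000
Date: Tue, 04 Mar 2025 10:00:05 +0000
Subject: Your verification code (constructed)

body
"""

def delivery_report(raw, window_s=60):
    """Per-hop transit delay from Date to the final Received stamp, compared with window_s.

    window_s is an assumption, not a documented TTL. Hop clocks can be skewed,
    so treat differences of a few seconds as noise.
    """
    msg = message_from_string(raw)
    sent = prev = parsedate_to_datetime(msg["Date"])
    hops = []
    # Each server prepends its Received header, so reverse to walk oldest hop first.
    for hdr in reversed(msg.get_all("Received", [])):
        by = re.search(r"\bby\s+(\S+)", hdr)
        try:
            stamp = parsedate_to_datetime(hdr.rsplit(";", 1)[-1].strip())
        except (TypeError, ValueError):
            continue  # header without a parseable timestamp
        hops.append((by.group(1) if by else "?", (stamp - prev).total_seconds()))
        prev = stamp
    total = (prev - sent).total_seconds()
    slowest = max(hops, key=lambda h: h[1]) if hops else None
    return {"hops": hops, "total_s": total, "slowest": slowest, "late": total > window_s}

if __name__ == "__main__":
    report = delivery_report(SAMPLE)
    for host, secs in report["hops"]:
        print(f"{host:28s} +{secs:.0f}s")
    print("total:", report["total_s"], "s, late:", report["late"])
```

Run against messages saved from the affected users' mailboxes, a large gap at a single hop (for example a newly added filtering gateway) would point to delivery delay as the cause.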