ASVS Requirement 6.5.4

• Level: 2
• Chapter: V6 Authentication
• Section: V6.5 General Multi-factor authentication requirements
• Source: 0x15-V6-Authentication.md

Description

Verify that lookup secrets and out-of-band authentication codes have a minimum of 20 bits of entropy (typically 4 random alphanumeric characters or 6 random digits is sufficient).