ASVS Requirement 6.5.5

• Level: 2
• Chapter: V6 Authentication
• Section: V6.5 General Multi-factor authentication requirements
• Source: 0x15-V6-Authentication.md

Description

Verify that out-of-band authentication requests, codes, or tokens, as well as time-based one-time passwords (TOTPs) have a defined lifetime. Out of band requests must have a maximum lifetime of 10 minutes and for TOTP a maximum lifetime of 30 seconds.