camaraproject / OTPValidation

Repository to describe, develop, document and test the OTP Validation API family
https://wiki.camaraproject.org/display/CAM/OTPValidation
Apache License 2.0

Add maxLength limitation for input attributes in validate-code request #24

Closed bigludo7 closed 1 year ago

bigludo7 commented 1 year ago

As we did for the code in the send-code operation, we should add a maxLength limitation in the validate-code request for authenticationId (max length set to 36) and code (10).

Any objection from the team?

bigludo7 commented 1 year ago

Check if good practices exist for OTP code length. Why 10 and not 6?

bigludo7 commented 1 year ago

@monamok @DT-DawidWroblewski I did some searching on this topic. I did not find a 'global' rule, but rather rules per API provider:

- Twilio: The API supports token lengths between 4 and 10 digits with a default of 6 digits
- IBM: 6-digit code
- Amazon: OTP codes can contain between 5 and 8 digits, inclusive
- Vonage: 4 or 6

And I asked ChatGPT: What is the standard password length for password in OTP API? "The standard password length for one-time passwords generated by OTP APIs can vary depending on the specific implementation and requirements of the application or service using the OTP API. However, in general, OTP passwords are typically shorter than traditional passwords, with a typical length of 6 to 8 digits. This is because the primary purpose of OTPs is to provide a temporary, one-time password that is valid for a short period of time, typically only a few minutes."

So I think we can fairly set the max to 10 (max of the ones I have found).

DT-DawidWroblewski commented 1 year ago

merged