Resend OTP BruteForce
Resend OTP BruteForce is a security feature that prevents misuse of the OTP (One-Time Password) resend function. It stops users from repeatedly requesting new OTPs without limit.
How to configure
To configure Resend OTP BruteForce protection, follow these steps:
Step 1: Navigate to Realm Settings.
Step 2: Click on KOBIL tab.
Step 3: Under the Resend OTP BruteForce section, toggle the option to ON to activate protection.
Parameters in Resend OTP BruteForce
Parameter | Description |
---|---|
Max OTP Resend | Defines the maximum number of OTP resend attempts allowed. For instance, if you set Max OTP Resend to 5, users may request a new OTP up to 5 times, with the required wait time between requests set at the authenticator level. |
Wait Increment | 1. After the maximum number of OTP resend attempts is exceeded, a wait time equal to the specified increment (e.g., 30 seconds) must pass before further attempts are allowed. 2. Each time the maximum number of attempts is exceeded again, the wait time grows by the increment value (e.g., from 30 seconds to 60 seconds after the next set of attempts). 3. This pattern continues, with the wait time increased each time the maximum number of attempts is exceeded. |
Failure Reset Time | Once the effective wait time reaches the Failure Reset Time, the OTP resend count is reset to zero. |
Mechanism of Wait Increment
For instance, if you set Max OTP Resend to 3 and Wait Increment to 30 seconds, the effective wait time imposed after successive resend requests will be:
Number of Resends | Wait Increment | Max OTP Resends | Effective wait time |
---|---|---|---|
1 | 30 | 3 | 0 |
2 | 30 | 3 | 0 |
3 | 30 | 3 | 30 |
4 | 30 | 3 | 30 |
5 | 30 | 3 | 30 |
6 | 30 | 3 | 60 |
7 | 30 | 3 | 60 |
8 | 30 | 3 | 60 |
9 | 30 | 3 | 120 |
Note that the Effective Wait Time at the 3rd resend will block further resend requests for 30 seconds. Only after reaching the next multiple of Max OTP Resend, in this case 6, does the wait increase from 30 to 60 seconds. The wait time only increases when a multiple of Max OTP Resend is reached. If the Effective Wait Time reaches the Failure Reset Time, the OTP resend count is reset.
Authenticators Incorporating Resend OTP BruteForce
Certain authenticators incorporate Resend OTP BruteForce protection within their flow:
- KOBIL Email Registration - For a more detailed explanation of the authenticator-specific Resend OTP BruteForce configuration, please refer to KOBIL Email Registration.
- KOBIL Phone Registration - For a more detailed explanation of the authenticator-specific Resend OTP BruteForce configuration, please refer to KOBIL Phone Registration.
- KOBIL Email Verification - For a more detailed explanation of the authenticator-specific Resend OTP BruteForce configuration, please refer to KOBIL Email Verification.
- KOBIL Change Email - For a more detailed explanation of the authenticator-specific Resend OTP BruteForce configuration, please refer to KOBIL Change Email.
- KOBIL eTan - For a more detailed explanation of the authenticator-specific Resend OTP BruteForce configuration, please refer to KOBIL eTan.
- KOBIL Phone Verification - For a more detailed explanation of the authenticator-specific Resend OTP BruteForce configuration, please refer to KOBIL Phone Verification.
Execution summary
By configuring the Resend OTP BruteForce settings under the KOBIL tab, administrators can manage and secure the OTP resend process. Setting appropriate limits for OTP resends, wait increments and failure reset times protects users against brute-force abuse of the resend function while keeping a balance between security and usability. Properly implementing these settings helps safeguard user accounts and enhances overall system integrity.