
Customize the MFA Retry Limit

The MFA retry limit determines how many attempts users have to enter the correct passcode for their multi-factor authentication method before being locked out. This setting balances security with user experience: it prevents brute-force attacks while allowing a reasonable number of attempts for legitimate users.

ℹ️ Default Retry Limit

By default, users have three attempts to enter the correct passcode. This setting can be adjusted based on your organization's security requirements.

Configure the Retry Limit

  1. Navigate to Infrastructure Admin > EmpowerID Servers and Settings
  2. Search for "MFA" to find the relevant settings
  3. Edit the following settings as needed:
    • MFAMaxRetries – Set the maximum number of attempts allowed
    • MFALockoutMinutes – Set how long users are locked out after exceeding the retry limit

⚠️ Security vs. Usability

Setting the retry limit too high may compromise security by allowing more passcode guesses before lockout, while setting it too low may frustrate legitimate users.

Best Practices

  1. Balance Security and Usability – Consider your organization's security requirements and user experience needs
  2. Monitor Usage – Regularly review failed attempts to identify potential security issues
  3. Communicate Policy – Clearly inform users about the retry limit and lockout policy
  4. Provide Support – Ensure users know how to get help if they're locked out

💡 Progressive Delay

Consider implementing a progressive delay between retry attempts to further enhance security while maintaining usability.
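
The sketch below is an added example, not EmpowerID code. It models how a retry limit, a lockout period and a progressive delay interact, and how many passcode guesses one account accepts per day under a given setting. The `RetryPolicy` class, the 15-minute lockout, the 2-second base delay and the doubling schedule are assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class RetryPolicy:
    """Hypothetical model of a retry limit with lockout and progressive delay."""
    max_retries: int = 3        # plays the role of MFAMaxRetries (page default: three)
    lockout_minutes: int = 15   # plays the role of MFALockoutMinutes (value assumed)
    base_delay_s: float = 2.0   # assumed; the delay doubles after each failure
    _state: dict = field(default_factory=dict)  # user -> (failures, not_before)

    def attempt(self, user: str, code_ok: bool, now: float) -> str:
        """Process one passcode attempt at time `now` (seconds)."""
        failures, not_before = self._state.get(user, (0, 0.0))
        if now < not_before:
            # Too early: reject without evaluating the code, so attempts made
            # during a delay or lockout give a guesser no information.
            return "locked" if failures >= self.max_retries else "wait"
        if failures >= self.max_retries:
            failures = 0  # lockout has expired, start a fresh window
        if code_ok:
            self._state.pop(user, None)
            return "ok"
        failures += 1
        if failures >= self.max_retries:
            not_before = now + self.lockout_minutes * 60
            result = "locked"
        else:
            not_before = now + self.base_delay_s * 2 ** (failures - 1)
            result = "failed"
        self._state[user] = (failures, not_before)
        return result

    def guesses_per_day(self) -> float:
        """Upper bound on passcode guesses one account accepts in 24 hours."""
        delays = sum(self.base_delay_s * 2 ** i for i in range(self.max_retries - 1))
        window_s = delays + self.lockout_minutes * 60
        return self.max_retries * 86400 / window_s
```

Comparing `guesses_per_day()` across candidate values of the two settings gives a concrete number to weigh against the length of the passcode in use.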