Commit

Merge pull request #462 from bugcrowd/2FA-Code-is-Not-Updated
update rec for 2FA Code is Not Updated
RRudder authored May 15, 2024
2 parents 8a1d126 + cc9702e commit 2d052fc
Showing 1 changed file with 2 additions and 2 deletions.
@@ -1,8 +1,8 @@
# Recommendation(s)

There is no single technique to implement 2FA securely. However, the following best practices should be adhered to:
It is recommended to update the 2FA code each time a new code is requested so that there is only one valid and unique code at a time.
Additionally, the following best practices should be adhered to for secure 2FA implementation:

- The 2FA code should be invalidated each time a new code is requested
- Users should have access to a failsafe login method if they don’t have access to their 2FA implementation
- 2FA should be implemented for users upon sensitive actions such as login, change of password or security questions, elevation of user session, change of email address or phone number, and disabling of 2FA.
- The uniquely generated OTP should expire
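
Review bot: In the new intro sentence, "update the 2FA code each time a new code is requested" does not say what happens to the code issued earlier, which is the point of this recommendation. Suggest wording it as "invalidate any previously issued 2FA code when a new one is requested, so that only one code is valid at a time". As rendered, that sentence also overlaps with the first bullet ("The 2FA code should be invalidated each time a new code is requested"); if both are meant to stay, drop one or fold them together so the control is stated once. The last bullet ("The uniquely generated OTP should expire") would be more actionable if it said the lifetime should be short and checked on the server at verification time.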
