We were recently asked the following question:
What happens if I am attempting to log in to my Marqeta public sandbox account, and I fat-finger the MFA code (or I don’t receive an MFA code at all)? In other words, how long does it take for the MFA status to reset for a public sandbox login?
A: Here are some details about MFA
Multi-Factor Authentication (MFA) is part of Marqeta’s Single Sign On (SSO) experience. SSO helps us secure and standardize our authentication and authorization protocol for enduser authentication into the Marqeta domain.
- The MFA code you are sent while authenticating is valid for 20 minutes from the time it is issued. If you enter an expired MFA code, an error message (“Unauthorized”) will be displayed. Try logging on again to retrieve a new code.
- If you incorrectly enter a valid MFA code, Marqeta will automatically issue you a new code. Enter the new code and you should gain access to your sandbox. As an added safety measure to protect your account, you will be prevented from requesting a new code for a period of 15 minutes if you make five consecutive failed attempts to enter a valid MFA code.
- Remember that making another attempt to log in to the sandbox will invalidate the previous MFA code and a new code will be issued to you. You cannot recycle your previous MFA code, even if you never attempted to redeem it.
To learn more about authentication on the Marqeta platform, check out our Authentication Guide.