When a new customer visits one of our facilities, and we confirm who they are, we will send them a text message with a link in it so they can create their online account. Are there standards or best practices as to how long the link should be valid?
NIST 800-63A Digital Identity Guidelines suggests a maximum validity of 10 minutes for an SMS registration link, and 24 hours for email. You can’t go wrong there.
2 Likes