EVT 2026-02-20 - Stage A Auth, Recovery, and Fallback Precision Round 2
Session scope
Refine unresolved execution details for OTP lock behavior, reset-password post-success route, return fallback target, and close behavior of attempt-start auth gate.
Confirmed outcomes
- OTP lock threshold:
  - Use concrete baseline: 5 wrong OTP attempts -> lock 10 minutes.
- OTP lock scope:
  - During OTP lock, keep lock on all OTP channels for that auth intent.
  - Do not allow channel-switch bypass while lock is active.
- Forgot-password post-success route:
  - After reset success, return to login step with success notice and prefilled identity.
  - Do not auto-login by default.
- Invalid/expired return fallback:
  - Prefer nearest valid route in same program/skill context.
  - Home is only secondary fallback when nearest contextual route is unavailable.
- Attempt-start auth popup dismissal:
  - User can close the auth popup.
  - Closing keeps user on current page and does not start protected action.
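A sketch of the OTP lock threshold and lock scope decided above, added here as an illustration and not taken from the product's code base. It assumes an in-memory store, and the names `OtpLockout`, `verify`, the intent ids and the channel labels are hypothetical; resetting the counter when the lock expires is also an assumption, since the notes do not specify it.

```python
import hmac
import time

MAX_WRONG_ATTEMPTS = 5    # from the notes: 5 wrong OTP attempts
LOCK_SECONDS = 10 * 60    # from the notes: lock 10 minutes


class OtpLockout:
    """Counts wrong OTP attempts per auth intent, never per channel."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._state = {}  # intent_id -> [wrong_attempts, locked_until]

    def is_locked(self, intent_id):
        state = self._state.get(intent_id)
        return state is not None and self._clock() < state[1]

    def verify(self, intent_id, channel, submitted, expected):
        """Return 'ok', 'wrong' or 'locked'.

        `channel` is accepted for audit logging only. It is deliberately
        not part of the lock key, so switching from SMS to e-mail or voice
        lands on the same counter and the same lock.
        """
        now = self._clock()
        state = self._state.setdefault(intent_id, [0, 0.0])
        if now < state[1]:
            # Lock is active: refuse even a correct code, on any channel.
            return "locked"
        if state[1]:
            # Lock has expired: start a fresh counter (assumption).
            state[0], state[1] = 0, 0.0
        # Constant-time comparison of the submitted and expected codes.
        if hmac.compare_digest(submitted.encode(), expected.encode()):
            del self._state[intent_id]
            return "ok"
        state[0] += 1
        if state[0] >= MAX_WRONG_ATTEMPTS:
            state[1] = now + LOCK_SECONDS
            return "locked"
        return "wrong"
```

Keying the counter on channel as well as intent would give each channel its own five attempts, which is the channel-switch bypass the notes rule out.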
Open items carried forward
- None for this refinement batch.