Appearance
Using wallet MFA to authorize signatures and transactions
Once a user has enrolled in MFA, every attempt to use the wallet's private key (every signature or transaction) will require the user to complete MFA using their method. This logic is automatic; you do not need to do anything else once your user has enrolled in wallet MFA.
Concretely, when your app requests a signature or a transaction from the embedded wallet, Privy will show the user a modal prompting them to enter a 6-digit MFA code sent to their MFA method. If the user has enrolled in multiple MFA methods, they can choose which method they'd like to use for this given request.
Users must enter their MFA code within 5 minutes of receiving it, and are allowed up to a maximum of 4 code attempts if they incorrectly enter their code.
If the user correctly enters their MFA code, the signature or transaction request will be processed by the wallet. Additionally, their MFA verification status will be cached for 15 minutes. This means that for additional signatures or transactions requested within this window, Privy will not prompt the user to re-complete MFA.
If the user does not complete MFA or enters in an incorrect code 4 times or more, the signature or transaction will raise an error as if the user rejected the request.