Merge pull request #238 from kinde-oss/Fix/Passcode-expiry

Fix/Add OTP validity time

src/content/docs/authenticate/authentication-methods/passwordless-authentication.mdx

@@ -6,6 +6,7 @@ sidebar:
 relatedArticles:
   - 43e8aa2d-76a4-4445-ae90-84d3f1a55fcb
   - 0145d1ce-564e-4c28-820f-2f126abbfe3a
+  - 8a385f58-5e01-437c-8128-6b86ee8ff382
 ---
 
 Passwordless authentication is a type of authentication that does not require end-users to set or maintain passwords for access to an application. Instead, they authenticate using a one-time passcode (OTP).
@@ -18,6 +19,8 @@ For example, someone with access to your email could click a link to get instant
 
 A OTP can be issued via email or phone, depending how you have set up authentication. It is also common to use OTPs as a factor in [multi-factor authentication](/authenticate/multi-factor-auth/about-multi-factor-authentication/).
 
+Passcodes issued from Kinde expire after 2 hours.
+
 ## Set up passwordless authentication
 
 1. In Kinde, go to **Settings >** **Authentication**.
@@ -47,3 +50,7 @@ It should not happen often, but occasionally users do not receive their passcode
 
 - Tell the user to check their junk folder - some email providers, systems, and devices have security in place to prevent spam. An OTP from an unknown provider (like Kinde) might get accidentally treated as such.
 - Once or twice we have come across a domain provider who has added Kinde to a denylist and OTPs from us get rejected. You'll need to contact us so we can investigate and arrange allowlisting. This is a very rare cause of failed OTPs.
+
+## Attack protection settings
+
+Kinde allows you to control the number of sign-in attempts a user gets, how long they get locked out after a failed sign-in attempt, etc. See [Attack protection](/build/set-up-options/attack-protection/).