Hi @Roman L

Thanks a lot for your reply. Ok I understand. So what reasonable (recommended) amount of seconds should I enter taking into consideration the cost of sending SMS? Twilio is expensive.

What is the best practice for the two-factor authentication code lifetime: 1 days, 3 days, 7 days, 14 days, 30 days, 90 days or more?

Also as asked in my post above, How is the code lifetime stored? in a cookie file or database? How does the system handle it when someone change the device for login?

Thanks