28 August 2025 (v2.141)

ReachFive v2.141 introduces an improvement for MFA retries in Risk-based authentication flows.

And of course, as always, we fixed a few items for you.

Step-up token can now be reused for MFA retries

When Risk-based Authentication requires Multi-factor Authentication, the step_up token is no longer limited to a single use. You can now reuse the same step_up token to request a new code (for example, if the user did not receive the first one), ensuring your users don’t need to restart the entire authentication process over each time.

The verification code requests in the MFA flow are subject to a limit. This limit helps protect against abuse and can be configured by ReachFive administrators. If you’d like details on the limit or to adjust this setting, contact your ReachFive representative.

See Retry MFA step-up for more details.

retry token flow

Fixes

Item Fixed

Item	Fixed
For a brief time, the MFA flow wasn’t working as expected in web sessions for the iOS and Android SDKs. We now ensure the step-up token contains an Orchestration Token at the `startPasswordless` point.	✓
ReachFive Console
We corrected a small wording issue in the MFA Session duration in hours section of Settings MFA Settings.	✓

For a brief time, the MFA flow wasn’t working as expected in web sessions for the iOS and Android SDKs.

We now ensure the step-up token contains an Orchestration Token at the startPasswordless point.

✓

ReachFive Console

We corrected a small wording issue in the MFA Session duration in hours section of Settings MFA Settings.

✓