Checklist ref
2AU.00.06
Area
2AU. Redirect to Web with OTP
Wireframe ref
06
Type
Technical Standard
Requirement level
SHOULD
Participant
Data Holder
Statement
Where a data holder supports the ‘Redirect to Web with OTP’ flow: • The data holder SHOULD implement additional controls to minimise the risk of enumeration attacks via the redirect page. NB: This is a subset of the Technical Standard referenced.
Reference
Security Profile, Credential Requirements, One Time Password Credential Requirements
Example
Authenticate: Redirect to Web with One Time Password
Version introduced
1.4.0 or earlier
Date introduced
12 August 2020 or earlier
Date modified
22 September 2025
Status
Active