4cwjd (4cwjd) asked a question.
What login failure reason will be emitted in the logs if a 2FA failure ocurrs?
This answer describes what the possible login failure reasons in the logs mean: https://support.okta.com/help/s/question/0D54z00007SILavCAH/login-failures-verificationerror-generalnonsuccess?language=en_US
However, it doesn't cover the scenario of a 2FA failure. It seems that would be lumped in with INVALID_CREDENTIALS, but it's not totally clear. If it is lumped in with that, is there a way to differentiate between login failures where a person has the right password but 2FA fails vs failures that happen due to a bad password?
Hi @4cwjd (4cwjd),
Thank you for posting on the Okta community page!
I have done some research and I have managed to find the below documentation that provides different events and how they appear in the system logs:
Additionally, for the Okta Classic Engine, the events for MFA failures will differ from the ones where the user inserts invalid credentials.
I hope the above information is useful!