Is your feature request related to a problem?

A security report has been received describing that if a user has mfa enabled, when they are logging in, they are able to stay on the OTP prompt page for an indefinite amount of time.

Describe the solution you'd like

Add an expiry to the login process. Redirect back to sign in if someone takes too long to MFA. May be applicable to add one to MFA during password reset and other actions that display the prompt.