Passcode storage

PingFederate does not store one-time passcodes at any time. Instead, passcodes are generated based on several components that are stored in memory, including a nonce value, a transaction id, and "secret" value associated with the adapter instance.

Passcode duration

Passcodes are associated with a particular PingFederate session. Although the passcodes themselves do not expire, they can only be used once and only for the associated session and authentication flow. When the authentication flow ends, the passcode is no longer valid.