Open
Description
We should update the understanding document for this success criterion and add in an example that shows how multifactor authentication falls under the "essential" exception. I've seen this cause some confusion with developers who create MFA-enabled user flows and it might help if we had a specific example. Usually, after a certain period of time, the code that is generated through the workflow is no longer valid and the user has to have the page or application send a new code. Due to security concerns, the time limit can't be extended.
Here's the current text: https://www.w3.org/WAI/WCAG22/Understanding/timing-adjustable.html