Even still it doesn't. @_az and @cpu were actually describing what happens with the ACMEv2 process where you provide a CSR twice.
With either version authorizations are bound to the account key and not any keypair provided in the CSR.
The timespan is 30 days:
This old API announcement explains how it works at the API level: