 why isn’t there a 2FA app that just gives me a peek at the next code when there’s a couple seconds left on the expiration. i won’t submit it early, i just want to type it in. i’m supposed to just patiently sit here for a little number to tick over and then type it in? like some animal?! 4 comments
 @samhenrigold @SamTheGeek Yeah, usually the server will accept all 3 of current, previous, and next codes as valid. That’s at the server’s discretion tho, they can choose to be stricter. @samhenrigold @SamTheGeek It's usually more than 10-20 seconds in my experience. It's pretty common to accept current plus two codes in either direction, future and past. Because time is an input into the TOTP algorithm that generated the code, admins generally build in some leniency for clocks not being totally in sync. (Current time gets turned into a count of 30 second increments elapsed since the defined start time. That counter plus the shared secret get fed into the hashing algorithm.) |
Gregory's Server
@samhenrigold the secret is that codes are good for 10-20sec after they expire.