top | item 28665251

(no title)

hansy | 4 years ago

Yup this is indeed a limitation in that once a code is used, the next person essentially has to wait at least one minute before they can get another working code.

My target is smaller teams, where collisions (hopefully) happen less frequently. If you're a bigger org, chances are you also have the resources to just buy everyone their own seat/license to the account instead of relying on the employees to share one account.

discuss

_wldu|4 years ago

That's a feature (not a limitation) of TOTP. Also, the time step defaults to 30 seconds, but can be changed: https://datatracker.ietf.org/doc/html/rfc6238

My OATH HOTP/TOTP implementations are here:

https://github.com/62726164/oathgen

https://github.com/62726164/goathgen