Recommend this page to a friend! |
Classes of Faris AL-Otabi | Uploady PHP Upload File to MySQL | uploady/vendor/robthree/twofactorauth/docs/improved-code-verification.md | Download |
|
Downloadlayout: post title: Improved Code VerificationWhen verifying codes that a user has entered, there are other optional arguments which can improve verification of the code.
Discrepancy (default 1)As the codes that are generated and accepted are consistent within a certain time window (i.e. a timeslice, 30 seconds long by default), it is very important that the server (and the users authenticator app) have the correct time (and date). The value of This should be sufficient for most cases however you can increase it if you wish. It would be unwise for this to be too high as it could allow a code to be valid for long enough that it could be used fraudulently. Time (default null)The second, Timeslice
You can store a timeslice alongside the secret and verify that any new timeslice is greater than the existing one. i.e. if This is an effective defense against a replay attack. |