Support » Plugin: Two-Factor » TOTP can be used several times

  • Resolved vlntn



    i am using TOTP-passwords generated by Google Authenicator. Today i noticed, that i can use the TOTP (e.g. 372 876) two or more times. In my tests it took a few minutes until they expired and i needed a new one.

    Is there a problem on my website or have I misunderstood the TOTP-concept?


Viewing 1 replies (of 1 total)
  • Plugin Author Kaspars


    @vlntn This is correct. There is a time window of 30 seconds and a time allowance of 4 time windows which makes the codes valid for 120 seconds per this code in the plugin.

    This can be adjusted using the two_factor_totp_time_step_allowance filter to be just one window of 30 seconds, for example.

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.