#TIL #2fa
I've been cautious about the time left before it expires to enter a #TOTP, trying to make sure it would make it to the server and get authenticated before the timer bar in my #authenticator runs out. Then I noticed that even if I'm a little late it still works. So I got curious and started experimenting. It turned out it still works even when I'm quite a bit late. Then I found #RFC6238, which recommends that servers accept expired tokens within a time window. How clever! Now you know too.
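The acceptance window described above, sketched from the server side as an added example (not part of the original post, and not any particular service's code). The names `verify`, `past_steps`, `future_steps` and `last_used` are assumptions for illustration; the secret is the published SHA-1 test key from RFC 6238 Appendix B. RFC 6238 section 5.2 recommends allowing at most one time step for network delay, so `past_steps=1` is the default here.

```python
import hashlib
import hmac
import struct

STEP = 30                          # seconds per time step (RFC 6238 default)
SECRET = b"12345678901234567890"   # RFC 6238 Appendix B test key, not a real secret

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, digits: int = 6) -> str:
    """TOTP is HOTP with the counter set to the number of elapsed time steps."""
    return hotp(secret, int(now) // STEP, digits)

def verify(secret, submitted, now, past_steps=1, future_steps=0,
           last_used=-1, digits=6):
    """Return the time-step counter the code matched, or None if rejected.

    past_steps   - expired steps still accepted (slow typing, network delay)
    future_steps - tolerance for a client clock that runs ahead
    last_used    - counter of the last accepted code; anything at or below
                   it is refused so a code inside the window cannot be replayed
    """
    current = int(now) // STEP
    for counter in range(current - past_steps, current + future_steps + 1):
        if counter <= last_used:
            continue
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter
    return None

if __name__ == "__main__":
    code = totp(SECRET, 59)                      # shown in the app at t=59 (step 1)
    print("code:", code)
    print("16 s late, window 1:", verify(SECRET, code, 75))
    print("16 s late, window 0:", verify(SECRET, code, 75, past_steps=0))
    print("36 s late, window 1:", verify(SECRET, code, 95))
    print("replayed in window :", verify(SECRET, code, 75, last_used=1))
```

Each extra accepted step keeps a captured or phished code usable for another 30 seconds, which is why the window is kept small and the last accepted counter is stored per user.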