Re: Authenticator - Is it the code that expires, or the Yubi

2017-09-11T11:18:12+01:00

the code is valid for 30 seconds "steps", no matter when you press the button.
if you use yubico authenticator you will see that the code is grayed out almost immediatly or after more second depending on when you press it.
yubikey generate a code when button is pressed (if that mode is enabled, otherwise it keeps generating new codes as old one expires).

yubikey doesn't have a clock so the current date and is given to it by the computer.
since the clock might be inaccurate the server usually accept thre codes as valid:
the current, the old one and the following one.
so if the clock isn't perfectly in sync you will be able to login.

more info:
https://tools.ietf.org/html/rfc6238#section-4
https://en.wikipedia.org/wiki/Time-base ... _Algorithm

Statistics: Posted by nesos — Mon Sep 11, 2017 11:18 am

Authenticator - Is it the code that expires, or the Yubikey

2017-08-24T09:53:43+01:00

If you use a conventional authenticator app, e.g. Google's - you know that codes expire and rotate every few seconds in a way that is somehow synchronised with the server.

If you use Yubico Authenticator, codes expiration seems to be related JUST to how many seconds have passed since I touched the device with the Yubikey.

Is that correct? Shouldn't it be that - in the latter case - I have a combination of the two expirations?

Btw I posted this request here because I could not find a suitable section in the Yubico Software forum.

Thanks.

Statistics: Posted by giacecco — Thu Aug 24, 2017 9:53 am

Yubico Forum

Re: Authenticator - Is it the code that expires, or the Yubi

Authenticator - Is it the code that expires, or the Yubikey