Yubico Forum https://forum.yubico.com/ |
|
Authenticator - Is it the code that expires, or the Yubikey https://forum.yubico.com/viewtopic.php?f=26&t=2692 |
Page 1 of 1 |
Author: | giacecco [ Thu Aug 24, 2017 9:53 am ] |
Post subject: | Authenticator - Is it the code that expires, or the Yubikey |
If you use a conventional authenticator app, e.g. Google's - you know that codes expire and rotate every few seconds in a way that is somehow synchronised with the server. If you use Yubico Authenticator, codes expiration seems to be related JUST to how many seconds have passed since I touched the device with the Yubikey. Is that correct? Shouldn't it be that - in the latter case - I have a combination of the two expirations? Btw I posted this request here because I could not find a suitable section in the Yubico Software forum. Thanks. |
Author: | nesos [ Mon Sep 11, 2017 11:18 am ] |
Post subject: | Re: Authenticator - Is it the code that expires, or the Yubi |
the code is valid for 30 seconds "steps", no matter when you press the button. if you use yubico authenticator you will see that the code is grayed out almost immediatly or after more second depending on when you press it. yubikey generate a code when button is pressed (if that mode is enabled, otherwise it keeps generating new codes as old one expires). yubikey doesn't have a clock so the current date and is given to it by the computer. since the clock might be inaccurate the server usually accept thre codes as valid: the current, the old one and the following one. so if the clock isn't perfectly in sync you will be able to login. more info: https://tools.ietf.org/html/rfc6238#section-4 https://en.wikipedia.org/wiki/Time-base ... _Algorithm |
Page 1 of 1 | All times are UTC + 1 hour |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |