MultiOTP

Hi All; I Made Sync with User with MultiOTP, but I want to make the token OTP not used not to be effective. Example, OTP1:123456 I did not used this, when I got the OTP2:654231 I entered OTP1 and it was OK. I want OTP to be killed once the second OTP issued. I think this named Fall Back option in other products. how can I make this in MultiOTP ?

Comments

  • Hello, as the token generator (probably your mobile phone) and the token server are not always exactly synchronized at the second, we need to have a "max time window" in order to be able to accept an OTP from a token that is not issue exactly at the correct time. Every system is working like that.
    Anyway, you can ajust this "max time window" in the multiotp.ini file. The default value is max_time_window=600
    You can also change this value on the command line like this: multiotp -config max_time_window=your_new_value_in_seconds
    Please note also that in any case, when OTP2 is used, OTP up to OTP2 cannot be used anymore.
    Regards
This discussion has been closed.