-
as in the discussion here: https://news.ycombinator.com/item?id=26258261#26271329
```
- Using '=' for comparing TOTPs in the totp.verify function[1] is not safe from timing attacks.
```
https:…
-
because the export was declared using "="
I just had to change
```ts
// index.d.ts
interface TotpOptions {
period?: number | undefined;
/**
* The desired SHA variant (SHA-…
-
Trying to log in with an account with 2FA enabled redirects back to the login page instead of bringing up the TOTP code prompt. The data set in the session to indicate that the MFA/TFA process and for…
-
## Summary
Having the keyring report the TOTP can be very useful for automated procedures in a shell. Thus being able to tell KeePassXC to report the TOTP-value for password would make a lot of sense…
-
When users first log in, we should let them choose betweeen SMS and TOTP, and then continue setup.
This may come for "free" with the work done on #19, but I wanted to be sure to explicitly capture …
-
It's possible that some users may not be wholly familiar with 2FA terminology, so it may be helpful to consistently label and describe these options between the login and configuration screens.
For…
-
Hey, I am testing 2FA login with the following implementation:
generate code:
```ruby
if u.method_email?
u.otp_secret = User.generate_otp_secret
u.save!
…
-
### 你当前使用的版本
2.12.0-alpha.1
### 描述一下此特性
希望用户能够通过管理员后台或其他自助的方式如邮箱验证短信验证的方式重置totp
### 附加信息
_No response_
-
Hello, I wanna ask something. Is it possible to change the default of totp generated from the authenticator app to become a 10m Period totp code? Because in my code, all OTP that are generated is for …
-
**Is your feature request related to a problem? Please describe.**
I need to require MFA (on login) for all my users using Okta as the Idp and without enabling Okta push verification.
My organizat…