Open MrMase opened 2 weeks ago
Just for clarity this is a seperate issue to #1648 raised where behaviour is different but both issues exist on the same system when both keys plugged in.
This is by design to avoid removing codes which are still being typed by the user. The validating server will usually allow a code for several seconds after it expires to allow for the time it takes a user to enter and submit it, rather than fail and force the user to generate a new code. An expired code that is still visible in the app after more than a few seconds will not be valid for use, which is why the app will indicate that it is expired so that the user can generate a new one.
This is by design to avoid removing codes which are still being typed by the user. The validating server will usually allow a code for several seconds after it expires to allow for the time it takes a user to enter and submit it, rather than fail and force the user to generate a new code. An expired code that is still visible in the app after more than a few seconds will not be valid for use, which is why the app will indicate that it is expired so that the user can generate a new one.
The expired code part makes sense and understandable, thanks for clearing that up. However the privacy portion of the post is still a valid concern, perhaps look to remove the expired code back to default icon after say 30 seconds when the code would definately no longer be valid, however would only affect users who use the require Touch feature given expired codes do not show for those constantly cycling their codes so whilst having less security on the physical device would not have the same privacy of use concern.
Issue type Bug report
Description When a TOTP code is generated from the app using click and hold from list after the TOPT code expires the UI leaves the code still visible instead of reverting back to the standard UI symbol. The impact of this is that should another party see the screen it would be possible to tell which accounts had recently been accessed as this stays present until either navigating to another Yubikey or fully closing the program.
Steps to reproduce and other useful info
Technical information Operating System: Windows 10 Yubico Authenticator Version: 7.0.0