akanass / rx-otp

HMAC-based (HOTP) and Time-based (TOTP) One-Time Password manager. Works with Google Authenticator for Two-Factor Authentication.
MIT License
76 stars 9 forks

Serious failure in verification #24

Closed TomMettam closed 4 months ago

TomMettam commented 2 years ago

Hey

Unless I'm hugely missing something, U2F.verifyOTP seems to have a significant flaw.

For example, with a base32_key of VALN YFSX VQNO DANY L3HQ AENO 5FKY 4FMV, U2F.verifyOTP accepts a valid code from my authenticator but it also accepts a low digit, such as 1, 2 or 3, with a delta between -1 and 1.

This doesn't seem to match the behaviour of other online TOTP validators.

akanass commented 2 years ago

Hi @TomMettam, thanks for your issue, but I don't see U2F.verifyOTP in the documentation.

Which method are you using? How did you generate your base_32 key?

Thanks