heapsource / active_model_otp

Adds methods to set and authenticate against one-time passwords (Two-Factor Authentication). Inspired by AM::SecurePassword
MIT License

Increase validity time of OTP #20

Closed aelor closed 9 years ago

aelor commented 9 years ago

Hi, currently the validity of the OTP is set to 30 seconds. Is there a possibility to increase the OTP time to, say, 2 mins? I don't know if it is correct to be done. I tried searching the internet but couldn't find anything.

robertomiranda commented 9 years ago

@aelor currently you can implement this by passing the drift parameter to the authenticate_otp method; for your case it should look like:

user.authenticate_otp('186522') # => true
sleep 60 # lets wait
user.authenticate_otp('186522', drift: 120) # => true
sleep 60 # lets wait
user.authenticate_otp('186522', drift: 120) # => true

This behavior is described in the README.

anshulklr commented 9 years ago

@robertomiranda so when I use user.authenticate_otp('186522', drift: 120), this will make the OTP (186522) valid for 120 seconds?

robertomiranda commented 9 years ago

@anshulklr exactly!

anshulklr commented 9 years ago

@robertomiranda thanks

masumrock commented 8 years ago

Hello, I want to know how I use it, and can I make it more than 12 hours? Every 5 minutes it will increase 5 more minutes... How do I do it?

aelor commented 8 years ago

@masumrock I think making it valid for 12 hours is as simple as converting 12 hrs to 12*60*60 seconds and then using the drift with 43200 (12*60*60).

In your code to authenticate the OTP: user.authenticate_otp('232322', drift: 43200)
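
The drift values discussed in this thread (120 and 43200 seconds), worked through as an added example that is not part of the thread and not the gem's own code. It is a generic RFC 6238 verifier written with the standard library only; the helper names (hotp, totp, accepted_steps, secure_eq, verify), the backward-only drift window, the RFC 4226 test secret and the timestamps are assumptions made for illustration.

```ruby
require 'openssl'

INTERVAL = 30 # seconds per TOTP time step (RFC 6238 default)

# HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter,
# then dynamic truncation to a 6-digit decimal string.
def hotp(secret, counter)
  mac = OpenSSL::HMAC.digest('SHA1', secret, [counter].pack('Q>'))
  offset = mac.bytes.last & 0x0f
  value = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  format('%06d', value % 1_000_000)
end

# TOTP code for the time step that contains unix time `at`.
def totp(secret, at)
  hotp(secret, at.to_i / INTERVAL)
end

# Assumption: drift looks backwards only. Returns every time-step counter
# whose code is accepted at `now` when codes up to `drift` seconds old pass.
def accepted_steps(now, drift)
  ((now.to_i - drift) / INTERVAL..now.to_i / INTERVAL).to_a
end

# Constant-time string comparison, so timing does not leak matching digits.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# True if `code` matches any accepted step (every step is always compared).
def verify(secret, code, now, drift: 0)
  accepted_steps(now, drift).map { |s| secure_eq(hotp(secret, s), code) }.any?
end

if __FILE__ == $PROGRAM_NAME
  secret = '12345678901234567890' # RFC 4226 test secret, not a real key
  issued = 59                     # constructed unix time, falls in step 1
  code = totp(secret, issued)
  [0, 60, 120].each do |drift|
    ok = verify(secret, code, issued + 120, drift: drift)
    steps = accepted_steps(issued + 120, drift).size
    puts "drift=#{drift}: accepted=#{ok} valid_codes=#{steps}"
  end
  puts "drift=43200: valid_codes=#{accepted_steps(1_700_000_000, 43_200).size}"
end
```

Under these assumptions, a code issued 120 seconds earlier is accepted only with drift: 120, at which point 5 codes are valid at once; with drift: 43200 the verifier accepts 1441 different codes at any moment.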

masumrock commented 8 years ago

Actually, I don't know how to use this code... I am using it in the console (Firebug).

aelor commented 8 years ago

@masumrock This code is done server side, not the client side. It's Ruby, NOT JavaScript.

masumrock commented 8 years ago

Is it possible in JavaScript? I want to use it in a website... which provides an OTP system... I want to extend the OTP validation from 5 minutes to 12 hours... Is there any way?

aelor commented 8 years ago

@masumrock Well, see, what you can do is write your own code for sending the OTP and not use this gem. Whenever the user enters his mobile number, send an AJAX request to send the OTP to his phone and save the phone number in the localStorage along with the expiry time (current time + 12 hours), then keep checking if the current time has crossed that value. But I will not recommend this because it is vulnerable to being easily tampered with by the users. They will be able to change the expiry time in the localStorage.