Unlocking OTP requires 3 consecutive successful authentications. As we require 6 digits per OTP auth, each auth attempt without access to the secret has a 1 in 10**6 chance of succeeding. Therefore, unlocking OTP only has a 1 in 10**18 chance of succeeding without access to the secret. Any failure resets the success counter, and imposes a 15-minute delay before another attempt. So there is a limit of 96 OTP unlock attempt failures per day per account. The specs don't show it, but there is a 90-second delay between OTP unlock attempts. This is to prevent the same code working for multiple auth attempts, accounting for drift in both directions.
11 lines
604 B
Plaintext
<% @page_message = "Your one-time password authentication has been locked out, and you must wait to unlock it." %>
<div class="space-y-6">
<p><%= rodauth.otp_unlock_consecutive_successes_label %>: <%= rodauth.otp_unlock_num_successes %></p>
<p><%= rodauth.otp_unlock_required_consecutive_successes_label %>: <%= rodauth.otp_unlock_auths_required %></p>
<p><%= rodauth.otp_unlock_next_auth_deadline_label %>: <%= rodauth.otp_unlock_deadline.strftime(rodauth.strftime_format) %></p>
<p><%= rodauth.otp_unlock_next_auth_attempt_refresh_label %></p>
<%== rodauth.otp_unlock_refresh_tag %>
</div>
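Review bot: The third `<p>` shows `rodauth.otp_unlock_deadline` under `otp_unlock_next_auth_deadline_label`, but `@page_message` tells the user they must wait and the next line announces a refresh for the next attempt. A deadline reads as the time by which to authenticate, not the time from which another attempt is allowed. Confirm this is the intended value for the waiting view, or show the time the next attempt becomes available instead. Separately, `<%== rodauth.otp_unlock_refresh_tag %>` is the only unescaped output in the template, so a short comment stating that the helper returns trusted markup would help the next reader.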