Page MenuHomePhabricator

Make authentication window size and leniency configurable
Closed, ResolvedPublic

Description

Right now the window size is hardcoded to (I think) 30 seconds and the leniency is hardcoded to 4 windows. They should be configurable.


Version: master
Severity: enhancement

Details

Reference
bz53194

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 2:08 AM
bzimport set Reference to bz53194.

I should also note that the TOTP RFC recommends using a window size of 30 seconds and a leniency of 1 window in each direction. If WMF uses NTP on their servers, that should not be an issue since most TOTP apps have time synchronization.

Change 132784 had a related patch set uploaded by Parent5446:
Make authentication window size and leniency configurable

https://gerrit.wikimedia.org/r/132784