One-Time Password - Questions about offset configuration

Hello,

We plan to use OTP in our company.

Everything is fine except I don't understand these two parameters:

Maximum passcode offset:
Maximum initial passcode offset

I read the definitions:

But I just don't get it.

Can someone explain it to me with examples?

Regards :)

  • Hello  ,

    Thank you for reaching out to the community. Timestep settings:

    #Default token timestep - 30s
    The interval in seconds at which new OTP codes are generated.
    #Maximum passcode offset  - 1
    Maximum number of timesteps an earlier or later verification code remains valid. 
    #Maximum initial passcode offset:
    The maximum offset in which the initially generated code can be used
    Default: 10

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved


    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

  • Sorry guys, I stand by my comment.  Even though I know how this works, the description isn't written for users.  It's a programmer describing his work to other programmers in the same group.  Certainly, no documentalist would have written that description.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob, I agree.

    Just tried to explain to DeltaSM.

    Best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Hello  and  ,

    Thank you for your answers but as   I still don't get it. I read the documentation several times but I need an example to figure it out. 

    I understand OTP in general and I already use hardware tokens and also auto-generated tokens, but I don't understand what these two parameters stand for. So I left them at the defaults for now.

    Maybe you have one for both parameters?

    Thank you for your time!

  • Hey  ,

    considering the following settings:

    #Default token timestep - 30s -->> Meaning this is the token/OTP validity before it regenerates on your G-Auth or Microsoft Authenticator.

    #Maximum passcode offset - 3 -->> Timesteps an earlier or later verification code remains valid. For example, if you specify a value of 3 and the timestep is 30 seconds, the client can use any passcode from the previous 90 seconds or the subsequent 90 seconds as long as the code was not already used. [Number of passcodes outside of the defined timestep that will be accepted]

    #Maximum initial passcode offset: - 10 -->> Maximum number of timesteps by which the clock of a token can drift between client and server for the first sign-in only. This means that if you, for example, set 10 steps, you restrict the clock of a token to drift no more than 10 seconds between two logins. [For the first authentication process, a token can be out-of-sync in an extreme way. Here the admin can configure how many offset passcodes should be accepted. After successful authentication, the offset is aligned, which means that the next passcode of the token will be in-sync.]

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
    If a post solves your question please use the 'Verify Answer' button.
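
An added example, not part of the thread and not Sophos's implementation: a minimal RFC 6238 verifier showing how the two settings described in the answer above could interact, with both offsets counted in timesteps. The `Token` record, the `verify` and `demo` functions and the secret are hypothetical; HMAC-SHA1 with 6-digit codes is assumed.

```python
import hashlib
import hmac
import struct

STEP = 30            # "Default token timestep" in seconds
MAX_OFFSET = 3       # "Maximum passcode offset" in timesteps (value from the answer)
INITIAL_OFFSET = 10  # "Maximum initial passcode offset" in timesteps

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 6238 / RFC 4226 code for one timestep counter (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Token:
    """Server-side record for one token (hypothetical structure)."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.drift = None    # learned offset in timesteps; None until first sign-in
        self.last_used = -1  # highest counter already accepted (replay guard)

def verify(token: Token, code: str, now: float) -> bool:
    # First sign-in uses the wide window; later sign-ins use the narrow one,
    # centred on the drift learned at the previous successful sign-in.
    window = INITIAL_OFFSET if token.drift is None else MAX_OFFSET
    centre = int(now) // STEP + (token.drift or 0)
    for delta in sorted(range(-window, window + 1), key=abs):
        counter = centre + delta
        if counter <= token.last_used:
            continue  # this passcode (or a later one) was already used
        if hmac.compare_digest(totp(token.secret, counter), code):
            token.drift = counter - int(now) // STEP
            token.last_used = counter
            return True
    return False

def demo():
    secret = b"constructed-demo-secret"  # constructed sample value
    now = 1_700_000_000                  # constructed server time
    tok = Token(secret)
    skewed = lambda t: totp(secret, t // STEP - 8)   # token clock 8 steps (240 s) behind
    first = verify(tok, skewed(now), now)            # inside the initial window of 10
    replay = verify(tok, skewed(now), now)           # same code presented again
    later = verify(tok, skewed(now + 60), now + 60)  # drift of -8 is now remembered
    far = verify(tok, totp(secret, (now + 120) // STEP + 5), now + 120)  # 13 steps off centre
    return first, replay, later, far
```

`demo()` walks one token through a first sign-in with a large clock skew, a replay of the same code, a normal later sign-in, and a code that falls outside the narrow window once the drift has been learned.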
