Hello,
We plan to use OTP in our company.
Everything is fine except I don't understand these two parameters:
Maximum passcode offset
Maximum initial passcode offset
I read the definitions:
But I just don't get it.
Can someone explain it to me with examples?
Regards :)
Hello DeltaSM,
Thank you for reaching out to the community, timestep settings:
#Default token timestep - 30s
The interval in seconds at which new OTP codes are generated.
#Maximum passcode offset - 1
Maximum number of timesteps an earlier or later verification code remains valid.
#Maximum initial passcode offset:
The maximum offset in which the initially generated code can be used
Default: 10
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Sophos Community | Product Documentation | Sophos Techvids | SMS
If a post solves your question please use the 'Verify Answer' button.
Sorry guys, I stand by my comment. Even though I know how this works, the description isn't written for users. It's a programmer describing his work to other programmers in the same group. Certainly, no documentalist would have written that description.
Cheers - Bob
Bob, I agree.
Just tried to explain to DeltaSM.
With kind regards, best regards from Germany,
Philipp Rusch
New Vision GmbH, Germany
Sophos Silver-Partner
Hello jprusch and Vivek Jagad,
Thank you for your answers but, like BAlfson, I still don't get it. I read the documentation several times but I need an example to figure it out.
I understand OTP in general and I already use hardware tokens and also auto-generated tokens, but I don't understand what these two parameters stand for. So I left them at the default for now.
Maybe you have one for both parameters? Thank you for your time!
Hey DeltaSM,
considering the following settings:
#Default token timestep - 30s -->> Meaning this is a token/OTP validity before it regenerates on your G-Auth or Microsoft authenticator.
#Maximum passcode offset - 3 -->> Timesteps an earlier or later verification code remains valid. For example, if you specify a value of 3 and the timestep is 30 seconds, the client can use any passcode from the previous 90 seconds or the subsequent 90 seconds as long as the code was not already used. [Number of passcodes outside of the defined timestep that will be accepted]
#Maximum initial passcode offset: - 10 -->> Maximum number of timesteps by which the clock of a token can drift between client and server for the first sign-in only. Means if you for example set 10 steps you restrict the clock of a token to drift no more than 10 seconds between two logins. [For the first authentication process, the token can be out-of-sync in an extreme way. Here the admin can configure how many offset passcodes should be accepted. After successful authentication, the offset is aligned, that means that the next passcode of the token will be in-sync.]
Thank you very much for this ! :)
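The two offsets discussed in this thread, shown as an added example that is not Sophos code and not part of any post: a minimal RFC 6238 verifier in Python. The names TokenState and verify, the way the clock drift is stored after the first sign-in, and the rule that a code at or before the last accepted timestep is refused are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226/6238 code for one timestep counter (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TokenState:
    """Hypothetical per-token record kept by the verifying server."""
    def __init__(self, secret: bytes):
        self.secret = secret
        self.drift = None         # learned clock offset in timesteps; None until first sign-in
        self.last_counter = None  # newest timestep already accepted (blocks reuse)

def verify(token, code, now, timestep=30, max_offset=1, max_initial_offset=10):
    """Return the matched offset in timesteps, or None if the code is rejected."""
    first = token.drift is None
    # First sign-in: wide window, because the token clock may be far off.
    # Later sign-ins: narrow window around the drift learned earlier.
    window = max_initial_offset if first else max_offset
    base = 0 if first else token.drift
    center = int(now) // timestep + base
    # Try the nearest timesteps first: 0, -1, +1, -2, +2, ...
    for off in sorted(range(-window, window + 1), key=abs):
        counter = center + off
        # Assumed replay policy: nothing at or before the last accepted step.
        if token.last_counter is not None and counter <= token.last_counter:
            continue
        if hmac.compare_digest(totp(token.secret, counter), code):
            token.drift = base + off      # align the stored offset to this token
            token.last_counter = counter
            return off
    return None
```

With the default 30 second timestep, a token whose clock is 8 steps (240 seconds) behind is accepted on its first sign-in when the initial offset is 10, and from then on only codes within the normal offset of that learned position are accepted.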