Merge pull request #240 from davidalger/patch-1

nathanjosiah · web-flow · commit d35520937544 · 2020-08-10T17:11:25.000-05:00
Update default OTP Window for Google TOTP to 1 per recommendation in RFC 6238
diff --git a/TwoFactorAuth/etc/adminhtml/system.xml b/TwoFactorAuth/etc/adminhtml/system.xml
@@ -42,7 +42,7 @@
                 <field id="otp_window" translate="label comment" type="text" sortOrder="10" showInDefault="1"
                        showInWebsite="0" showInStore="0" canRestore="1">
                     <label>OTP Window</label>
-                    <comment>This determines how long the one-time-passwords are valid for.</comment>
+                    <comment>This determines how long the one-time-passwords are valid for. An OTP Window of 1 will result in the current OTP value plus 1 code in the past and 1 code in the future to be valid at any given point in time.</comment>
                 </field>
             </group>
             <group id="duo" translate="label" type="text" sortOrder="40" showInDefault="1" showInWebsite="0"
diff --git a/TwoFactorAuth/etc/config.xml b/TwoFactorAuth/etc/config.xml
@@ -21,7 +21,7 @@
                 <application_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
             </duo>
             <google>
-                <otp_window>30</otp_window>
+                <otp_window>1</otp_window>
             </google>
         </twofactorauth>
     </default>
