TOTP timeouts, why?
robert_hitech Newbie ✭
How does a TOTP timing out protect the end user? If I connect and set up TOTP then both pairs must be known to connect. But if I have to set it up again the next day, what is stopping the hacker from guessing first and locking me out for the day?
Category: Mid Range Firewalls
Welcome to SonicWall community.
First of all, the TOTP is a 6-digit number and can have 720 combinations. So, if someone is trying to brute force and the timeout is huge, like one day, it is pretty easy to try out all the combinations.
The TOTP timeouts are hence extremely short, like 10 or 30 seconds, and then it becomes invalid. So, if a hacker has to guess the exact OTP for that 30-second interval, it makes this whole second layer of authentication protect you from that.
I hope that clarifies the doubt. If not, let me know.
Technical Support Advisor, Premier Services
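
An added example, not part of the original thread and not SonicWall code: a minimal RFC 6238 TOTP generator and verifier showing that a code is tied to its 30-second step, with the chance of a blind guess landing inside a window. The 30-second step, the one-step drift tolerance, the attempt limit and the helper `guess_success_probability` are assumptions made for illustration; the key is the published RFC 6238 test secret.

```python
import hashlib
import hmac
import struct

# RFC 6238 Appendix B test secret (public test vector, not a real credential).
KEY = b"12345678901234567890"

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP whose counter is the number of whole steps since epoch."""
    return hotp(key, unix_time // step, digits)

def verify(key: bytes, code: str, unix_time: int, step: int = 30,
           drift_steps: int = 1) -> bool:
    """Accept the code for the current step or its +/- drift_steps neighbours."""
    now = unix_time // step
    return any(
        hmac.compare_digest(hotp(key, now + d), code)  # constant-time compare
        for d in range(-drift_steps, drift_steps + 1)
    )

def guess_success_probability(attempts_per_step: int, steps: int,
                              digits: int = 6, accepted_codes: int = 1) -> float:
    """Hypothetical helper: chance that blind guessing hits a valid code.
    Failed guesses tell the attacker nothing about the next step's code."""
    per_step = min(1.0, attempts_per_step * accepted_codes / 10 ** digits)
    return 1 - (1 - per_step) ** steps

if __name__ == "__main__":
    code = totp(KEY, 59)                      # code issued during step 1
    print("code at t=59:", code)
    print("valid at t=89 :", verify(KEY, code, 89))    # one step later, in drift
    print("valid at t=119:", verify(KEY, code, 119))   # two steps later, expired
    # Assumed limit of 5 attempts per step, 3 accepted codes (drift of 1).
    print("one window :", guess_success_probability(5, 1, accepted_codes=3))
    print("one day    :", guess_success_probability(5, 2880, accepted_codes=3))
```

The per-window figure stays small only while the verifier limits attempts; without an attempt limit the short validity period alone does not bound the guessing rate.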