TOTP timeouts, why?

How does a TOTP timing out protect the end user? If I connect and set up TOTP, then both pairs must be known to connect. But if I have to set it up again the next day, what is stopping the hacker from guessing first and locking me out for the day?

Category: Mid Range Firewalls
Answers

  • Hello @robert_hitech,

    Welcome to the SonicWall community.

    First of all, the TOTP is a 6-digit number and can have 720 combinations. So, if someone is trying to brute force and the timeout is huge, like one day, it is pretty easy to try out all the combinations.

    The TOTP timeouts are hence extremely short, like 10 or 30 seconds, and then it becomes invalid. So, if a hacker has to guess the exact OTP for that 30 second interval, it makes this whole second layer of authentication protect you from that.

    I hope that clarifies the doubt. If not, let me know.

    Thanks!

    Shipra Sahu

    Technical Support Advisor, Premier Services
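
As an added illustration (not part of the original thread and not SonicWall's code): a standard RFC 6238 TOTP generator and verifier in Python, showing that a code is accepted only during its own time step and the neighbouring steps allowed for clock skew, plus a bound on how likely a limited number of guesses is to succeed. The 30-second step, the ±1 step drift window, the sample secret and the attempt counts are assumptions; the firewall's actual settings are not stated on this page.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (RFC 6238 default; assumed here)
DIGITS = 6    # code length discussed in the thread


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HOTP (RFC 4226) over the counter floor(time / step)."""
    counter = max(unix_time, 0) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Accept the code of the current step and +/- drift_steps for clock skew."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + d * STEP), code)
        for d in range(-drift_steps, drift_steps + 1)
    )


def guess_probability(attempts: int, drift_steps: int = 1, digits: int = DIGITS) -> float:
    """Upper bound on the chance that `attempts` distinct guesses made inside
    one acceptance window match any code the verifier would accept."""
    accepted = 2 * drift_steps + 1
    return min(1.0, attempts * accepted / 10 ** digits)


if __name__ == "__main__":
    secret = b"12345678901234567890"      # constructed sample secret (RFC test key)
    enrolled_at = 1_700_000_000           # constructed timestamp
    code = totp(secret, enrolled_at)
    print("code now:          ", code)
    print("valid now:         ", verify(secret, code, enrolled_at))
    print("valid 30 s later:  ", verify(secret, code, enrolled_at + 30))
    print("valid 1 day later: ", verify(secret, code, enrolled_at + 86_400))
    # With a lockout after 5 failed attempts (assumed policy):
    print("5 guesses succeed with p <=", guess_probability(5))
```

The guess bound only holds if the verifier also limits failed attempts per account; without a limit the short validity window alone does not cap how many codes can be tried.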
