On Mon 29 Oct 2012 02:15:22 PM CET, Michael Foord wrote:
> We could detect "counter - 1" and explicitly tell the user they're using
> an old code. I don't think that would be a security risk.
>
That would only work if the user is using the previous OTP and not any
arbitrary one in the past. I think this needs a more general
"educational" message.