Mauth icon indicating copy to clipboard operation
Mauth copied to clipboard
verified publisher icon X1nto

reject invalid TOTP codes

Open xi opened this issue 9 months ago • 0 comments

1 digit codes are obviously insecure, yet mauth will happily accept them. The spec is unfortunately unclear about what to do in those cases. I propose to flag them as invalid or at least show a warning.

See also https://shkspr.mobi/blog/2025/02/the-least-secure-totp-code-possible/

xi avatar Mar 03 '25 06:03 xi