-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] v7.0.0 - Expired TOTP codes still visible #1647
Comments
Just for clarity this is a seperate issue to #1648 raised where behaviour is different but both issues exist on the same system when both keys plugged in. |
This is by design to avoid removing codes which are still being typed by the user. The validating server will usually allow a code for several seconds after it expires to allow for the time it takes a user to enter and submit it, rather than fail and force the user to generate a new code. An expired code that is still visible in the app after more than a few seconds will not be valid for use, which is why the app will indicate that it is expired so that the user can generate a new one. |
The expired code part makes sense and understandable, thanks for clearing that up. |
Issue type
Bug report
Description
When a TOTP code is generated from the app using click and hold from list after the TOPT code expires the UI leaves the code still visible instead of reverting back to the standard UI symbol. The impact of this is that should another party see the screen it would be possible to tell which accounts had recently been accessed as this stays present until either navigating to another Yubikey or fully closing the program.
Steps to reproduce and other useful info
Technical information
Operating System: Windows 10
Yubico Authenticator Version: 7.0.0
The text was updated successfully, but these errors were encountered: