The one-time password (OTP) secret keys, code generation, and code verification are based on the industry-standard HMAC-SHA1 token algorithm defined in IETF RFC 6238. Each OTP is intended for a single user, is valid for a specific time period, and becomes invalid after the user successfully logs in. It cannot easily be duplicated and reused elsewhere. The input is sent securely to Cloud Access over HTTPS on TCP port 443.

With time-based OTP, the TOTP validation server and the software-token program use their own system times to generate OTPs. The TOTP algorithm assumes that the machine clocks are synchronized. To minimize time drift, configure the Network Time Protocol (NTP) on the Cloud Access appliance so that its clock stays accurate. If you cluster Cloud Access appliances, make sure that all member nodes in the cluster point to the same central time server.
Users must synchronize the clocks on their mobile devices with their service providers' networks, which are usually aligned with atomic clocks. Time differences between the TOTP validation server and a mobile device can cause an OTP mismatch and a subsequent login failure. Common causes include clock drift, network latency, and slow data entry. To allow for time differences, the Validity Time setting lets a submitted OTP be accepted if it matches a server-generated OTP for any time-step that falls within a specified validity window around its received timestamp. A time-step is 30 seconds. For the TOTP tool, the default Validity Time setting is 5 minutes: the validity window extends 2.5 minutes before and 2.5 minutes after the password's received timestamp. You can specify integer values from 2 to 10. Shorter validity times are considered more secure than longer ones.
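The following is an added example (not Cloud Access code) that shows how a validator implements the behaviour described above: RFC 6238 TOTP over HMAC-SHA1 with 30-second time-steps, a Validity Time window of N minutes centred on the received timestamp (so N/2 minutes on either side), and a replay guard so that a code becomes invalid once it has been used. The secret is the RFC 4226/6238 reference seed (ASCII "12345678901234567890") and 6-digit codes are assumed; both are constructed for the example.

```python
import hashlib
import hmac
import struct
import time
from typing import Dict, Optional

# Constructed example secret: the RFC 4226 / RFC 6238 reference seed.
# A real deployment stores one random secret per registered device.
SEED = b"12345678901234567890"
TIME_STEP = 30  # seconds per time-step, as on the page


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    msg = struct.pack(">Q", counter)
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = TIME_STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to floor(time / step)."""
    return hotp(secret, int(unix_time) // step, digits)


def verify_totp(secret: bytes, submitted: str, received_ts: float,
                validity_minutes: int = 5, step: int = TIME_STEP,
                digits: int = 6) -> Optional[int]:
    """Accept the submitted code if it matches any time-step inside the validity window.

    The window is validity_minutes wide and centred on received_ts (half before, half after).
    Returns the skew in time-steps between the matching step and the server's current
    step (useful for spotting drifting devices), or None if nothing matched.
    """
    if not 2 <= validity_minutes <= 10:  # allowed range from the page
        raise ValueError("validity_minutes must be an integer from 2 to 10")
    half = validity_minutes * 60 // 2
    now = int(received_ts)
    center = now // step
    lo = max(0, (now - half) // step)  # counters cannot be negative
    hi = (now + half) // step
    for counter in range(lo, hi + 1):
        # constant-time comparison avoids leaking which digits matched
        if hmac.compare_digest(hotp(secret, counter, digits), submitted):
            return counter - center
    return None


class ReplayGuardedValidator:
    """Per-user validator: a code that matched a given step cannot be accepted again.

    Stores the highest time-step already accepted for each user, so a successful login
    consumes the code (and any older ones), matching the page's 'invalid after login'.
    """

    def __init__(self, validity_minutes: int = 5):
        self.validity_minutes = validity_minutes
        self.last_step: Dict[str, int] = {}

    def check(self, user: str, secret: bytes, submitted: str,
              received_ts: Optional[float] = None) -> bool:
        ts = time.time() if received_ts is None else received_ts
        skew = verify_totp(secret, submitted, ts, self.validity_minutes)
        if skew is None:
            return False
        matched_step = int(ts) // TIME_STEP + skew
        if matched_step <= self.last_step.get(user, -1):
            return False  # replayed or older code
        self.last_step[user] = matched_step
        return True


if __name__ == "__main__":
    # RFC 6238 test vector: at T=59 the SHA1 8-digit code is 94287082 (6-digit: 287082)
    print(totp(SEED, 59), totp(SEED, 59, digits=8))
    v = ReplayGuardedValidator()
    print(v.check("alice", SEED, "287082", 59))   # first use: True
    print(v.check("alice", SEED, "287082", 59))   # replay:    False
```

The skew value is worth logging: a device that consistently matches at the edge of the window is drifting and will start failing once it exceeds the configured Validity Time, which is the failure mode the page attributes to unsynchronized clocks.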
If you enable both the Google reCAPTCHA tool and the TOTP tool in Cloud Access, reCAPTCHA applies only to the user's login password, not to the one-time password. reCAPTCHA is not invoked when the OTP is wrong.

You can enable TOTP validation for one or more applications. At the user's next login, TOTP prompts the user to register a device to use for the additional authentication. If you enable it for all applications, the prompt appears immediately after Cloud Access validates the user's credentials. Otherwise, the prompt appears when the user selects any of the TOTP-enabled applications.

The user installs the Google Authenticator app on their mobile device. On a computer, the user logs in to Cloud Access with their corporate user name and password. If the credentials are valid, Cloud Access prompts the user to register a device for one-time passwords. The user then registers the mobile device using their Cloud Access account.