2FA should use a rolling window
tracked
Coyote Enthusiast
Currently, the way 2FA works is that the current 30-second window is checked. Oftentimes, 2FA will give a code that is 20 or more seconds into the 30-second window, giving people 10 or fewer seconds to type the code.
You can either choose to wait, or try and rush it and hope that the login process all succeeds within 5 seconds.
The way that most login portals handle TOTP tokens is to do a rolling window that checks either the previous and current, or current and next. This removes the chance for system time differences, user input delays, etc.
Wolphin Fluffball
I don't think without implementing an independent 2FA this would work. I prefer it being my ability to use whichever MFA app I want, and have them in the same one.
The ones I use... have countdowns. One I have also shows the new code for the last few seconds of time before it's valid, to let you get a head start typing, just have to wait for it being valid.
Waiting the seconds for the rollover to the new code before typing it, and submitting it works. The box doesn't require you to type the currently displayed code which has at most 30s on it, it needs the current code when you press the button to send it!
Coyote Enthusiast
Wolphin Fluffball Second Life uses this standard for implementing TOTP: https://www.rfc-editor.org/rfc/rfc6238
To implement this change, all they need to do is check multiple (specifically the previous and current, or the current and next) timestamps, rather than one timestamp.
It would not cause any incompatibilities with current applications that are being used.
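The server-side check discussed in this thread, sketched as an added example (not part of any post here and not Second Life's code): RFC 6238 TOTP verification that accepts the previous and current time step and refuses to accept the same step twice. The names `verify_totp`, `back`, `forward` and `last_used` are assumptions made for illustration, and the secret is the published RFC 6238 SHA-1 test seed.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (X in RFC 6238)
SECRET = b"12345678901234567890"  # RFC 6238 Appendix B test seed, not a real key

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value (RFC 4226) for one time-step counter, using HMAC-SHA1."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify_totp(secret, code, now, back=1, forward=0, last_used=None):
    """Return the matched time-step counter, or None if the code is rejected.

    back/forward: adjacent steps accepted besides the current one. Each extra
    step lengthens the lifetime of a phished code by STEP seconds, so keep
    the window at one step.
    last_used: counter of the last code accepted for this account. Steps at
    or before it are refused, so a code cannot be replayed inside the window.
    """
    current = int(now) // STEP
    matched = None
    for counter in range(current - back, current + forward + 1):
        if last_used is not None and counter <= last_used:
            continue
        expected = totp(secret, counter).encode()
        # Constant-time compare; no early exit, so timing does not reveal the step.
        if hmac.compare_digest(expected, str(code).encode()):
            matched = counter
    return matched

if __name__ == "__main__":
    code = totp(SECRET, 59 // STEP)  # code shown at t=59s, typed at t=65s
    print("strict check :", verify_totp(SECRET, code, 65, back=0))
    print("rolling check:", verify_totp(SECRET, code, 65))
    print("replay       :", verify_totp(SECRET, code, 65, last_used=1))
```

The caller stores the returned counter per account after a successful login and passes it back as `last_used` on the next attempt; attempt rate limiting still applies, because each accepted step doubles the number of valid codes at any moment.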
SL Feedback marked this post as tracked
SL Feedback
Hello, and thank you for your feature request regarding the implementation of a rolling window for 2FA. This is indeed a valuable suggestion to improve the user experience by reducing the frustration caused by timing issues. We wanted to let you know that another resident had previously brought up this idea in Second Life's previous bug tracking system (BUG-232914). We are merging your comments with the existing request to help us address it more efficiently. While we don't have an estimate on when this might be implemented, please keep an eye on future updates. We appreciate your input and hope you continue to share your ideas to help improve Second Life. Thank you!
Coyote Enthusiast
SL Feedback Yes, that was me, back in 2022, it was accepted and never implemented.
It's a simple change that would reduce frustrations: