Comment 2 for bug 1569236

Данило Шеган (danilo) wrote :

That is a good point, but I was under the impression that most TOTP services are a bit lenient and will take a token based on the previous or next time point (otherwise, time drift would hurt them all, especially those standalone TOTP devices like battery-powered bank tokens which don't have the benefit of the NTP/GPS/GSM network time sync like phones do).

To test my hypothesis, I've logged into github using a token after waiting for that one and the next one to "expire" (so, around 60s late). Because of this, you could even always keep it on-screen for 30 seconds and hide it afterwards.

If you don't do the above, there's still the UI problem that this one might disappear too quickly. But then just drop the expiration and make it behave just like the regular HOTP ones. I know you must love the way it looks, and I do too, but when using it, I hate it constantly changing and distracting me (not to mention the security risk). I am happy if it shows the stale token, but I don't want it to regenerate the new one.

It just seems like more bling than feature; even though I do like the blinginess, it really is a useless distraction and risk. (In my humble opinion, of course; I am happy to hear from someone who uses it daily and disagrees.)