Could it be made more obvious to users that they need to generate a new passcode each time they are prompted?

Bug #1071781 reported by Liam Young
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Canonical SSO provider
New
Undecided
Unassigned

Bug Description

I've dealt with a few users who have generated a passcode and then just kept on trying to use same code and not generating a new one. Could it be made more abvious to users that they need to generate a new passcode each time they are prompted?

Liam Young (gnuoy)
summary: - Could it be made more abvious to users that they need to generate a new
+ Could it be made more obvious to users that they need to generate a new
passcode each time they are prompted?
Revision history for this message
Michael Foord (mfoord) wrote :

We could detect "counter - 1" and explicitly tell the user they're using an old code. I don't think that would be a security risk.

Revision history for this message
Ricardo Kirkner (ricardokirkner) wrote : Re: [Bug 1071781] Re: Could it be made more obvious to users that they need to generate a new passcode each time they are prompted?

On Mon 29 Oct 2012 02:15:22 PM CET, Michael Foord wrote:
> We could detect "counter - 1" and explicitly tell the user they're using
> an old code. I don't think that would be a security risk.
>

That would only work if the user is using the previous OTP and not any
arbitrary one in the past. I think this needs a more general
"educational" message.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.