Yes, because of a horrendous implementation by Microsoft. 3 minutes instead of 3... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		hx833001 on Dec 12, 2024 \| parent \| context \| favorite \| on: Oasis Security Research Team Discovers Microsoft A... Yes, because of a horrendous implementation by Microsoft. 3 minutes instead of 30 second TOTP validity and unlimited guesses.

fckgw on Dec 12, 2024 [–]

Technically, 10 guesses per session but unlimited sessions.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact