[GH-ISSUE #59] Old tokens are valid #494

New issue

Closed

opened 2026-03-14 11:57:49 +03:00 by kerem · 4 comments

kerem commented 2026-03-14 11:57:49 +03:00

Owner

Copy link

Originally created by @ginomessmer on GitHub (Apr 17, 2017).
Original GitHub issue: https://github.com/antonioribeiro/google2fa/issues/59

Verifying old tokens which has been used minutes ago get validated. Is there some way to disable old keys?

Originally created by @ginomessmer on GitHub (Apr 17, 2017). Original GitHub issue: https://github.com/antonioribeiro/google2fa/issues/59 Verifying old tokens which has been used minutes ago get validated. Is there some way to disable old keys?

kerem closed this issue 2026-03-14 11:57:54 +03:00

kerem commented 2026-03-14 11:57:59 +03:00

Author

Owner

Copy link

@SebastianS90 commented on GitHub (Apr 18, 2017):

Have a look at #50. Maybe I should fork this project because no one seems to be interested in that important feature.

<!-- gh-comment-id:294696892 --> @SebastianS90 commented on GitHub (Apr 18, 2017): Have a look at #50. Maybe I should fork this project because no one seems to be interested in that important feature.

kerem commented 2026-03-14 11:58:05 +03:00

Author

Owner

Copy link

@ginomessmer commented on GitHub (Apr 18, 2017):

Thanks for heads up. Probably worth to include it, it's a great and yet simple to integrate package though.

<!-- gh-comment-id:294724280 --> @ginomessmer commented on GitHub (Apr 18, 2017): Thanks for heads up. Probably worth to include it, it's a great and yet simple to integrate package though.

kerem commented 2026-03-14 11:58:10 +03:00

Author

Owner

Copy link

@lukepolo commented on GitHub (Jun 17, 2017):

#50 has been merged! you probably can close this now.

<!-- gh-comment-id:309172143 --> @lukepolo commented on GitHub (Jun 17, 2017): #50 has been merged! you probably can close this now.

kerem commented 2026-03-14 11:58:15 +03:00

Author

Owner

Copy link

@antonioribeiro commented on GitHub (Jun 17, 2017):

You already had a way to disable them through window, you just have to set window to 1 or even 0:

$isValid = $google2fa->verifyKey($secret, $password, 0);

What https://github.com/antonioribeiro/google2fa/pull/50 gives us is different: you now have the ability to disable passwords already used.

<!-- gh-comment-id:309190706 --> @antonioribeiro commented on GitHub (Jun 17, 2017): You already had a way to disable them through `window`, you just have to set window to 1 or even 0: ``` $isValid = $google2fa->verifyKey($secret, $password, 0); ``` What https://github.com/antonioribeiro/google2fa/pull/50 gives us is different: you now have the ability to disable passwords already used.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

9.x

fix-coverage

bump-to-version-9

10.x

reformat-code

add-linting

reorder-imports

8.x

install-php-84

test-on-php84

github-actions

master

7.x

pspstan

revert-124-123-google2fa_fix

v9.0.0

v8.0.3

v8.0.2

v8.0.1

8.0.0

v7.0.0

v6.1.3

v6.1.0

v6.0.1

v6.0.0

v4.0.2

v4.0.1

v5.0.0

v4.0.0

v3.0.3

v3.0.2

v3.0.1

v3.0.0

v2.0.7

v2.0.6

v2.0.5

v2.0.4

v2.0.3

v2.0.2

v2.0.1

v2.0.0

v1.0.1

v1.0.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.0

v0.1.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/google2fa#494

No description provided.