  1. #1
    Seleni
    Originally posted by worldofneil:
    > Although other websites will have their own rules, in my experience it's common that anything requiring a one-time password would accept the current password, but also the password before AND the password after (so increasing the login window size from 30 seconds to 1 minute and 30 seconds). This is why with other websites you can still submit a password as it's about to change, but with XIV as soon as the password changes, it's instantly denied.
    >
    > It'd be nice if SE would change their system to do this as well, but I'm just happy they're using a standard authenticator now so I'll live with it. If your password is about to timeout, just wait for it to change first.

    That... sounds pretty dangerous. The longer the window, the more likely that those phishing sites would get hold of the victims’ accounts, which defeats part of the point of having 2FA.

    I actually switched from SE’s own app to Microsoft’s Authenticator in hopes of a shorter window, because SE’s own one felt pretty long.

  2. #2
    worldofneil
    Originally posted by Seleni:
    > That... sounds pretty dangerous. The longer the window, the more likely that those phishing sites would get hold of the victims’ accounts, which defeats part of the point of having 2FA.

    Absolutely, although this is only a problem when users copy/paste links and give their information out without actually checking if they're official... Maybe SE had enough of people falling for this, hence they made it only a very short window.

    Originally posted by Seleni:
    > I actually switched from SE’s own app to Microsoft’s Authenticator in hopes of a shorter window, because SE’s own one felt pretty long.

    I can't remember how long the SE official app was for their OTP, but anything based on Google Authenticator's OTP system is in 30-second intervals, so using another client doesn't make any difference as they're all still generating 30-second codes.