Delay in Authenticator Code

Why there is a delay in Duo Mobile Authenticator app when I see passcodes in Google Authenticator and Microsoft Authenticator.
I have tried the same scenario in Multiple third party applications with 2FA enabled with Duo Mobile, Google Authenticator and Microsoft Authenticator etc.

Hi @nishantj739,

Welcome to the Duo Community, and thank you for posting your question here! I’m not sure what you are referring to here. When you say “I tried the same scenario in multiple third-party applications” - could you tell us more about that? What scenario are you trying, and what are you seeing when you do so?

My hunch is that you might be referring to the countdown timer for TOTP (time-based one-time passcodes) for third-party accounts. If so, let me know and I’ll be happy to shed some light on that!

Yes. That’s correct . I see that there are delay in TOTP (time-based one-time passcodes) for third-party accounts when I compare with other Apps. Many times TOTP is delayed in Duo Mobile app and in Other apps it is coming promptly. Hence it causes issues when we input it to apps, it fails at edge cases (± 5 seconds of TOPT Expiry)

Ah ok, I understand. Thank you for clarifying and confirming. If your passcodes are failing, the account you are protecting (Facebook, for example) has likely disconnected from the Duo Mobile app. This is a separate issue which you can resolve by referring to the instructions in this thread: Note about Instagram, Facebook, and other third-party account lockouts

In answer your question about the “delay”, please see below:

Third-party OTP accounts in Duo Mobile display a 30 second countdown indicator to the right of the account in the app. If you don’t use the passcode in that timeframe, a new passcode is generated and the countdown begins again. This is outlined in our guide for both Android and iOS passcodes.

While a new TOTP passcode is generated every 30 seconds, the actual expiration time of the code depends on the third-party service receiving the code, as explained in this help article “When do passcodes generated in Duo Mobile expire?” Most service providers (i.e., Facebook, Instagram, etc.) have a validity window of 90 seconds to account for slight variations in time across devices.

I hope this answers your question!

Hi @Amy , Thanks for Elaboration. I agree for service providers which have 90 seconds validation, this Delay may work. But for providers who doesn’t have that liberty of 90 seconds, will still rely on 30-40 seconds validation for TOPT. I am using Duo TOPT for gmail service provider, and at times it fails but at same time Google authenticator code works. I see there is delay in Code on Duo Mobile App, when i have both TOPT opened for a Service Provider.

I have gone thru it everyday, and it happens very frequently. Is there a reason for this TOPT is actual delayed? Irrespective of service provider authentication & validation time being 30 or 60 or 90 seconds. I have captured this in video in attached link.

Hi @Amy, Can you provide your views on above updates?

HI @nishantj739, thanks for your patience and for following up with more details for us. I was talking to the team about this, and the answer I gave previously is accurate.

The delay you see is because Duo Mobile starts the timer at 30 seconds when a user first generates a passcode. We base the countdown off the time at which the account cell is tapped or expanded in Duo Mobile during login. This leads to a longer window of validation for each code because they start at 30 vs. starting at some number 30 or less. The reason for this is improved usability, as the user has more time to enter the passcode, since in the vast majority of cases the validation window is greater than 30 seconds. Although as you’ve noted, not every single TOTP implementation adheres to the guidance to use a greater validation window.

In cases where a passcode expires, closing and reopening the Duo Mobile app should work to regenerate a code you can use to login.