26Eki
allow same code twice google authenticator
Imagine if a user inputs a valid google auth code to LOGIN. We perform the login action. Now the user navigates to the fund transfer page and code is still valid (still within the 60 seconds or so of its timespan shown in the app). Should we consider the code valid, or should we say wait for next code or something like that? Is it bad security wise? (Any links for more information would be much appreciated)
