allow same code twice google authenticator
Imagine if a user inputs a valid google auth code to LOGIN. We perform the login action. Now the user navigates to the fund transfer page and code is still valid (still within the 60 seconds or so of its timespan shown in the app). Should …