From 766064b064cefb16ad5196e1c46d70cf49657e25 Mon Sep 17 00:00:00 2001
From: David Alger <davidmalger@gmail.com>
Date: Tue, 9 Jun 2020 18:18:37 -0500
Subject: [PATCH] Update default OTP Window to 1 per recommendation in RFC 6238

---
 TwoFactorAuth/etc/adminhtml/system.xml | 2 +-
 TwoFactorAuth/etc/config.xml           | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/TwoFactorAuth/etc/adminhtml/system.xml b/TwoFactorAuth/etc/adminhtml/system.xml
index 6144f83c..7086746b 100644
--- a/TwoFactorAuth/etc/adminhtml/system.xml
+++ b/TwoFactorAuth/etc/adminhtml/system.xml
@@ -42,7 +42,7 @@
                 <field id="otp_window" translate="label comment" type="text" sortOrder="10" showInDefault="1"
                        showInWebsite="0" showInStore="0" canRestore="1">
                     <label>OTP Window</label>
-                    <comment>This determines how long the one-time-passwords are valid for.</comment>
+                    <comment>This determines how long the one-time-passwords are valid for. An OTP Window of 1 will result in the current OTP value plus 1 code in the past and 1 code in the future to be valid at any given point in time.</comment>
                 </field>
             </group>
             <group id="duo" translate="label" type="text" sortOrder="40" showInDefault="1" showInWebsite="0"
diff --git a/TwoFactorAuth/etc/config.xml b/TwoFactorAuth/etc/config.xml
index 13287ab7..515a4ae9 100644
--- a/TwoFactorAuth/etc/config.xml
+++ b/TwoFactorAuth/etc/config.xml
@@ -21,7 +21,7 @@
                 <application_key backend_model="Magento\Config\Model\Config\Backend\Encrypted"/>
             </duo>
             <google>
-                <otp_window>30</otp_window>
+                <otp_window>1</otp_window>
             </google>
         </twofactorauth>
     </default>