From d43cf3a267eb5cb9dc69063fc850c31c890a1260 Mon Sep 17 00:00:00 2001
From: Bruno Michel <bmichel@menfin.info>
Date: Wed, 4 Oct 2023 11:14:33 +0200
Subject: [PATCH] Make 2FA codes valid for 15 minutes

---
 model/instance/auth.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/model/instance/auth.go b/model/instance/auth.go
index 438e867e7e3..ff9c59dcc2d 100644
--- a/model/instance/auth.go
+++ b/model/instance/auth.go
@@ -25,8 +25,8 @@ const (
 )
 
 var twoFactorTOTPOptions = totp.ValidateOpts{
-	Period:    30, // 30s
-	Skew:      10, // 30s +- 10*30s = [-5min; 5,5min]
+	Period:    60, // 60s
+	Skew:      14, // 60s +- 14*60s = [-13min; 15min]
 	Digits:    otp.DigitsSix,
 	Algorithm: otp.AlgorithmSHA256,
 }