Add warning to TOTP docs

2022-06-15 15:54:44 +02:00 · 2022-06-15 15:54:44 +02:00 · d1661712ae
parent fd8c3b1b61
commit d1661712ae
1 changed files with 19 additions and 1 deletions
--- a/doc/sources/admin/totp2f.rst
+++ b/doc/sources/admin/totp2f.rst
@ -47,8 +47,26 @@ In the manager (advanced parameters), you just have to enable it:
   TOTP
 -  **Issuer name** (Optional): default to portal hostname
 -  **Interval**: interval for TOTP algorithm (default: 30)
-  **Range of attempts**: number of additional intervals to test (default: 1)
+
+.. warning::
+
+    Many mobile applications only support the default value
+
+-  **Range of attempts**: number of additional intervals to test (default: 1).
+   Use this settings if your server and phone clocks are not perfectly in sync,
+   at the cost of weaker security.
+
+.. note::
+
+    Range is tested backward and forward to prevent
+    positive or negative clock drift.
+
 -  **Number of digits**: number of digit by codes (default: 6)
+
+.. warning::
+
+    Many mobile applications only support the default value
+
 -  **Authentication level**: you can overwrite here auth level for TOTP
   registered users. Leave it blank keeps auth level provided by first
   authentication module *(default: 2 for user/password based modules)*.