1. Knowledge Base
  2. Authenticators ("Tokens")

How do I globally change the default time drift for time-based (TOTP) soft/hard tokens.

The standard token time drift is set to three time units, equivalent to 90 seconds (3 times 30-second units). The time unit represents the interval in seconds after which the TOTP will update. Altering the soft token drift is seldom necessary and could, in fact, be zeroed. To modify the default time drift, adjust the relevant setting in the web.config file.

<add key="Server.DefaultTotpTokenDriftUnits" value="3" /> 

To change the default time drift to 180 seconds you would change the setting to: 

<add key="Server.DefaultTotpTokenDriftUnits" value="6" /> 

When importing hard tokens or creating soft tokens, you can set the default time drift for the batch of time-based tokens you are importing or creating.

If you need to globally change the time drift for all existing time-based tokens in the system, you could use the following SQL query to change the time drift to 6 time units:

UPDATE DEVICE SET [Time Drift] = 6 WHERE [OTP Type] = 1

WARNING: This query changes the time drift for all time based tokens in the system. You should do a database backup first! 

If you require modifications to a specific set of time-based tokens based on different criteria, please reach out to technical support, and we will provide you with an updated database query.

If you would like to learn more about time-based (TOTP) tokens, including their functionality and configuration options, here is an informative Wikipedia article: