How to improve CA Mobile OTP user experience on the mobile phone with time drift problem.

Document ID : KB000068651
Last Modified Date : 14/09/2018
Show Technical Document Details

We are using TOTP and noticed a few problems reported by some of the CA Mobile OTP app users, such as:

  1. As user's mobile phone clock drifts a few seconds every day, authentication failures start happening some days after ArcotID OTP activation.
  2. CA Mobile OTP generates new OTP every 30 seconds which is too quick to allow some users to finish the input.
    • CA AuthMinder 7.x
    • CA Strong Authentication 8.x, 9.x
    1. On the mobile phone we could enable the time sync or use some Clock Sync App to synchronize the mobile clock.

    On the CA AuthMinder server side we can use some back-end settings to mitigate these two problems.

    For the first problem, we can increase the following Count settings on the ArcotOTP Authentication Policy on  Arcot Administration Console.
    => Authentication Look Ahead Count
    => Authentication Look Back Count
    Profile configuration
    Profile configuration

    2. For the second problem, we can increase the Time Step setting on the ArcotOTP Issuance Profile:

    Time Step
    Policy configuration