Digi IX14 User Manual page 201

User authentication
d. Add a secret key:
(config auth user new_user 2fa)> secret key
(config auth user new_user 2fa)>
This key should be used by an application or mobile device to generate passcodes.
e. For time-based verification only, enable disallow_reuse to prevent a code from being
used more than once during the time that it is valid.
(config auth user new_user 2fa)> disallow_reuse true
(config auth user new_user 2fa)>
f. For time-based verification only, configure the code refresh interval. This is the amount of
time that a code will remain valid.
(config auth user new_user 2fa)> refresh_interval value
(config auth user new_user 2fa)>
where value is any number of weeks, days, hours, minutes, or seconds, and takes the
format number{w|d|h|m|s}.
For example, to set refresh_interval to ten minutes, enter either 10m or 600s:
(config auth user name 2fa)> refresh_interval 600s
(config auth user name 2fa)>
The default is 30s.
g. Configure the valid code window size. This represents the allowed number of concurrently
valid codes. In cases where TOTP is being used, increasing the valid code window size may
be necessary when the clocks used by the server and client are not synchronized.
(config auth user new_user 2fa)> window_size 3
(config auth user new_user 2fa)>
h. Configure the login limit. This represents the number of times that the user is allowed to
attempt to log in during the Login limit period. Set to 0 to allow an unlimited number of
login attempts during the Login limit period
(config auth user new_user 2fa)> login_limit 3
(config auth user new_user 2fa)>
i. Configure the login limit period. This is the amount of time that the user is allowed to
attempt to log in.
(config auth user new_user 2fa)> login_limit_period value
(config auth user new_user 2fa)>
where value is any number of weeks, days, hours, minutes, or seconds, and takes the
format number{w|d|h|m|s}.
For example, to set login_limit_period to ten minutes, enter either 10m or 600s:
IX14 User Guide
Local users
201