
One aspect I find puzzling is why most two-factor authentication (2FA) applications restrict authentication to only a single valid code at any given time. This constraint inevitably creates a window during which it is inconvenient or impractical to copy the code to another device. Allowing the previous code to remain briefly valid would eliminate this unnecessary delay, enhancing usability without significantly compromising security.


See RFC-6238: https://www.rfc-editor.org/rfc/rfc6238

This is all in the standard, most places have implemented one of the options. I've implemented all of the options at least once. It's configurable based on how lax/secure you want to be.

Most places I've dealt with allow the previous and next code to also be used, so instead of a 30s window you actually have a 1.5m window.


Have you actually tried writing a code close to the expiry window? I've definitely submitted codes a few seconds after the expiry and had them still be accepted.


Some users' clocks are a minute or two out, so sensible TOTP implementations will actually accept about 5 codes to account for clock error.


I believe every single 2FA system I've used accepts either the current code or the one directly prior.


Since TOTP codes are time-based and there is no guarantee that the time of the generating device and the verifying device are exactly identical, they usually allow some room for error. You'll probably be fine entering the code before or after, for example.


FWIW, 2FAS starts to show you the next code near the end of the window; this is very handy: https://2fas.com/


Ente Auth displays the current code and the next code so you can choose whichever best meets the time remaining until the changeover. It’s a nice usability feature.



