We have a small team in a warehouse environment here. Workers use a shared tablet but authenticate with their own accounts. I’m leaning toward HOTP because the tablet is often offline, yet I’m nervous about counter chaos if folks tap the code button multiple times or switch between devices mid-shift. We can’t afford lockouts that stall operations. What policies maintain stability without compromising security too much?
Never share the same HOTP secret across people or across primary/backup devices—issue a distinct token (and counter state) per user and per device. Implement a limited forward scan (e.g., next 10–15) and, on success, advance the stored counter to that exact value. Throttle attempts per account and per IP to mute brute force, and show a simple banner in the UI: “Press once, wait.” For support, include a guided resync that asks for two consecutive codes to realign safely. When you need to validate your logic without risking production, this HOTP generator lets you reproduce the exact next values and confirm that your backend advances only once per success. Document a “device change” flow so if a token is reinstalled, your helpdesk can resync or rotate quickly.
Adding a neutral perspective from operations: training people to press once and pause did most of the work. The narrow look-ahead plus rate limiting handled the rare extra presses, and storing counters per device avoided surprises when someone switched tablets. We also added a short lockout after repeated failures, which didn’t bother real users but stopped endless guessing. With those guardrails in place, HOTP worked smoothly even when the network didn’t.