Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Summary Under the default configuration, Devise-Two-Factor version = 2.2.0 & 6.0.0 generate TOTP shared secrets that are 120 bits instead of the 128-bit minimum defined by RFC 4226. Using a shared secret shorter than the minimum to generate a multi-factor authentication code could make it easier...