In some conventional systems, users are provided with hardware or software tokens to increase security in authentication when logging in to an account across a network. These tokens typically display a code that varies with time, based on an internal clock that synchronizes with a server clock. The user must enter in the code in the login process, which the server can verify as being the correct code based on the time. In many systems, the code on the token varies at 1-minute intervals. In order to account for delay in entering the code and slight de-synchronization between the clocks on the token and the server, the servers in these systems typically accept the previous and the subsequent code in the sequence, in addition to the current code. These three codes are sometimes referred to as the “small window.”
Because some tokens have clocks subject to significant drift problems, the token can become significantly out of synchronization with the server after several months. Therefore, if the code entered by the user is not within the small window, but is within a surrounding large window (conventionally defined as the codes for the current time+/−10 minutes), then the user may be conditionally authenticated if the user is able to enter a subsequent valid code. This ensures that the user has not snooped a valid code from another valid user in order to gain unauthorized access.