update

docs/api.md

@@ -32,6 +32,19 @@ print(requests.get(
 ).text)
 ```
 
+Since in the borderline case of the 2FA code lifetime, the code may be invalid,
+it makes sense to either handle error 403 by repeating the request in seconds.
+
+A more correct way is to combine this method and check the remaining lifetime
+and postpone the request if there is a second or so left. You can find out how much
+time is left in this way:
+
+```python
+totp = pyotp.TOTP(secret)
+now = int(time.time())
+remaining = now - (now % totp.interval)
+```
+
 
 ### Single request auth
 

docs/auth.md

@@ -3,9 +3,11 @@
 PiKVM comes with the following default passwords:
 
 * **Linux admin** (SSH, console, etc.): user `root`, password `root`.
-* **PiKVM Web Interface, API, VNC...**: user `admin`, password `admin`.
+* **PiKVM Web Interface, API, VNC...**: user `admin`, password `admin`, no 2FA code.
 
-**These are two separate entities with independent accounts.** To change passwords, you will need to use the terminal access via SSH or Web Terminal. If you are using the Web Terminal, use the `su -` command to get root access (enter the root user password).
+**These are two separate entities with independent accounts.**
+To change passwords, you will need to use the terminal access via SSH or Web Terminal.
+If you are using the Web Terminal, use the `su -` command to get root access (enter the root user password).
 
 
 ## Linux authentication
@@ -61,8 +63,11 @@ Steb-by step to enable 2FA:
 
 6. Now, on the PiKVM login page, you will need to add 6 digits to the **2FA code** field.
 
+Now all Web UI users will be required to enter a one-time password. In other words, the secret is the same for all users.
+
 !!! note
-    With 2FA for API or VNC authentication, you will need to add the one-time code to the password without spaces. That is, if the password is `foobar` and the code is `123456`, then you need to use `foobar123456` as the password.
+    With 2FA for API or VNC authentication, you will need to add the one-time code to the password without spaces.
+    That is, if the password is `foobar` and the code is `123456`, then you need to use `foobar123456` as the password.
 
 To view the current QR code of the secret use `kvmd-totp show`.
 

docs/faq.md

@@ -197,7 +197,7 @@ As a first step, we recommend carefully reading our documentation on [GitHub](ht
 
 
 ??? question "What is the default password? How do I change it?"
-    There are two types of accounts: OS and PiKVM (web interface) accounts. The system account `root` can be used for SSH/UART access and has the password `root`. The web interface account is called `admin` and has the password `admin`. The PiKVM account cannot be used for SSH access and vice versa.
+    There are two types of accounts: OS and PiKVM (web interface) accounts. The system account `root` can be used for SSH/UART access and has the password `root`. The web interface account is called `admin` and has the password `admin`, no 2FA code. The PiKVM account cannot be used for SSH access and vice versa.
 
     To change passwords, use the following commands (under root):
 
@@ -209,6 +209,8 @@ As a first step, we recommend carefully reading our documentation on [GitHub](ht
     ro  # Back to read-only
     ```
 
+    Optionally you can enable the [two-factor authentication](auth.md#two-factor-authentication).
+
 ??? question "How do I add another user?"
     As stated above you need to make 2 accounts, 1 for the shell, the other for the PiKVM Web UI.
     

docs/first_steps.md

@@ -57,7 +57,7 @@ For future examples, let's assume that your PiKVM has received the address **192
 ??? example "Access to PiKVM Web Interface"
     In MOST networks you should be able to reach PiKVM via any browser with the URL `https://192.168.0.100/` OR `https://pikvm/`. Google Chrome (Chromium), Firefox and Safari work best with 0 extensions enabled, if one works but the others do not, this is a browser/extension issue. Its advised you use Private window or Incog mode. Microsoft Edge and Internet Explorer are not supported.
 
-    **The default user is `admin` and the password is also `admin`.** After logging in, you will get access to the menu with the main functions. Using the Web terminal, you can change system settings and passwords.
+    **The default user is `admin`, the password is also `admin`, and no 2FA code.** After logging in, you will get access to the menu with the main functions. Using the Web terminal, you can change system settings and passwords.
 
     *The latest versions of Chrome on Mac OS do not allow access to the page with a self signed certificate, which is used in PiKVM by default. You can proceed by typing `thisisunsafe` and Chrome will then load the page.*
 
@@ -82,7 +82,7 @@ For future examples, let's assume that your PiKVM has received the address **192
     PiKVM comes with the following default passwords:
 
     * **Linux admin** (SSH, etc.): user `root`, password `root`.
-    * **PiKVM Web Interface**: user `admin`, password `admin`.
+    * **PiKVM Web Interface**: user `admin`, password `admin`, no 2FA code.
 
     **These are two separate entities with independent accounts.** To change passwords, you will need to use the terminal (read below) access via SSH or Web Terminal. If you are using the Web Terminal, use the `su -` command to get root access (enter the root user password).