The verifier SHALL use accepted encryption and an authenticated guarded channel when amassing the OTP in an effort to deliver resistance to eavesdropping and MitM attacks. Time-based OTPs [RFC 6238] SHALL have an outlined life span that is set by the predicted clock drift — in both path — of the authenticator in excess of its life span, additio