Only allow up to 30 seconds of overlap on comparing the 2FA tokens.

app/Http/Controllers/Auth/LoginController.php

@@ -157,7 +157,7 @@ class LoginController extends Controller
         }
 
 
-        if (! is_null($request->input('2fa_token')) && $G2FA->verifyKey($user->totp_secret, $request->input('2fa_token'))) {
+        if (! is_null($request->input('2fa_token')) && $G2FA->verifyKey($user->totp_secret, $request->input('2fa_token'), 1)) {
             Auth::login($user, $request->has('remember'));
 
             return redirect()->intended($this->redirectPath());