Though they may say challenge response is valid only for 2 secs it is valid for more time. However this app n the portal is very confusing. The terms they use r not uniform sometimes they call user id as login id, Challenge response as passcode. The emails they send do not mention which method of authentication is to be followed. Sending 3 emails and multiple steps that too with the pressure of passcode expiry in 2 secs is just complex. And once u make a mistake ur temporary login details expire
SafeNet MobilePASS at Google Play market analyse