one-time password has duplicate values
I've been updating/moving my 2FA from an authenticator to 1Password. Since it's easier to scan with my phone, I prefer to enter the codes this way. However, today I noticed that the resulting code on my PC is different than on my mobile phone.
This ought not be so. I think I found a bug.
1Password Version: 8.4.1
Extension Version: Not Provided
OS Version: Windows 10 21H2
Referrer: forum-search:one-time password duplicate values
Comments
-
false alarm! my PC won't keep the current time no matter how hard I point my finger at it. This was the culprit...
0 -
Thank you for the update @joseph_fsm!
0 -
Hi, I am having this same issue. I can´t change either the phone time, or the PC time (as it is company managed). Shouldn't 1P be able to show the same 2FA code regardless of the device time? I don´t recall this happening in previous versions.
0 -
I can´t change either the phone time, or the PC time (as it is company managed). Shouldn't 1P be able to show the same 2FA code regardless of the device time?
No, because the generated TOTP depend on the system time. So if the time is different on two devices, the generated codes will be different.
0 -
So that means that any machine generating a TOPT that is not well synced to the (atomic?) time would inevitably yield a wrong code. It would be nice of 1P to ensure the code is correct regardless of what the machine time is, as machine time can sometimes be wrong for whatever reason.
I guess this would be a feature request.
Thanks,
0 -
I'm no programmer but I think authenticators work based upon the correct time and time zone where the end user is.
0 -
So that means that any machine generating a TOPT that is not well synced to the (atomic?) time would inevitably yield a wrong code.
Correct, the time needs to be exact. The whole TOTP idea is based on this assumption.
It would be nice of 1P to ensure the code is correct regardless of what the machine time is, as machine time can sometimes be wrong for whatever reason.
This is unfortunately not possible. TOTP stands for Time-based One-Time Password, so you cannot just change the codes to make them "correct", the codes will be correct if the time on the device is also correct. So I don't think there is anything we can do here, since that is how the algorithm is supposed to work, @joseph_fsm is right here :+1:
0 -
Thanks @ag_ana for the response.
so you cannot just change the codes to make them "correct", the codes will be correct if the time on the device is also correct
Of course, I did not mean for 1P to magically change the OTP to the correct one. But rather to have 1P maintain its own time service, and not rely on system time. This would seem logical for systems such as MS Windows where the computer admin can arbitrarily change the system time.
I´m not technical, but it seems to me that it would not only make sense, but that it should be possible (at least on MS Windows).
0