Incorrect One-Time Pass QR Codes

Rashin
Rashin
Community Member
in Lounge

I have run into an issue where 1pass on my mobile device is giving back incorrect one time codes. I did the same setup with Google Authenticator and it works. I checked the translated otpauth url that the QR codes are running the same as well as the regional time settings to ensure that there is no time mismatch. It doesn't happen for all sites but one in particular that it is showing up on "nexusmods.com".

Samples:
Not working: "otpauth://totp/Nexus%20Mods:myemail@mydomain.com?secret=CODEPROVIDEDBYSITE&issuer=Nexus%20Mods"
Working: "otpauth://totp/Electronic%20Arts:myemail@mydomain.com?secret=CODEPROVIDEDBYSITE&issuer=Electronic%20Arts"
All time settings: GMT-0500

I thought that originally that it might have been something by the specific site that is causing it, but if it works in GAuth and not 1pass then I can only assume that it might be something with the 1pass app that it is doing something different.

I also tried it in the 1 pass linux desktop app and chrome extension and it is also giving back incorrect codes. (also re-verified the time settings to ensure sync.)

1Password Version: 7.9.2-mobile 8.7.0-desktop
Extension Version: 2.3.3
OS Version: 11-android Ubuntu-21.10-x64 101.0.4951.54-Chrome

Comments

  • DenalB
    DenalB
    Community Member

    Hi @Rashin !

    I had the same issue with some TOTP codes in the past. I tried using the code only instead of the complete path.
    So, please try to switch the "otpauth-URL" into the "CODEPROVIDEDBYSITE" only. For me this works on all sites including "Nexus Mods".

  • Rashin
    Rashin
    Community Member

    @DenalB

    Thank you for this. Removing the ?issuer part of the URI fixed the issue. That's a weird thing to have it fail. But hey. Glad its working now. Keeping this info if I run across any other sites 2FA that I experience similar issues with.

    Question for 1pass team: If removing the &issuer fixes it, would that point to the sites implementation of 2FA or something specific to 1pass?

  • DenalB
    DenalB
    Community Member

    Hey @Rashin !

    Sorry for the delay...

    Thank you for this. Removing the ?issuer part of the URI fixed the issue.

    Great to hear that!

    Actually, when adding an OTP code to 1Password, I manually change it to the "CODEPROVIDEDBYSITE" only and never had any issues with that. 😁

  • Jack.P_1P
    Jack.P_1P

    Hey @Rashin:

    I'm glad to hear @DenalB was able to get you sorted, and I'm sorry that it took us a bit to get back to you. Feel free to get in touch if there's anything else we can help you with in the future!

    Jack

This discussion has been closed.