It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Forum Discussion
Latest 1Password Safari Extension Producing Incorrect One-Time Codes
I noticed the extension was giving the wrong one-time (two-factor) codes. I noticed it the other day, and thought something was wrong with my one-time code data stored in 1Password, even went through several trials of resetting two-factor for my accounts, and now I realize it’s the extension. I’m using the latest beta, 1Password for iOS 8.10.8 81008010, on BETA channel. I’m not sure what the exact extension version is, but it’s the absolute latest, via TestFlight (shows passkey info).
Edit: I believe, but can’t fully remember, that it’s also happening on desktop, which in that case it’s using the new beta specifically for Safari on Mac. It’s the latest version, with passkey support.
9 Replies
- 1P_Dave
Moderator
Thank you for sharing. 🙂
-Dave
Ryan_Parman , I apologize but I left out the last part of my message (for what it’s worth). Basically, because of the one-time code glitch, I was going back and forth changing my two-factor settings on Google, and easily could’ve gotten the one-time settings mixed/messed up. Luckily, I had more than just the “rolling one-time code” method. You can almost imagine it’s like losing/misplacing a bitcoin… there’s no going back (if you’re not lucky).
I’m glad the issue hasn’t popped back up again, but I definitely experienced a problem.
nimvio: Sure. This has only happened to me once in the 10+ years I've been using 2FA.
- 1P_Dave
Please let us know if you do run into the issue again in the future and we'll be happy to dig deeper.
-Dave
Ryan_Parman , thanks for the suggestion. I think it's important to note that one should be careful about modifying the two-factor (one-time password rolling) codes when there's a mismatch in information between the apps/extensions. In other words, I thought my two-factor codes for a Google account somehow got screwed up in the 1Password app, as I had not made any changes for years, but I (accidentally) noticed the app & extension were showing different numbers. The point is one should be careful and have multiple two-factor methods when messing around with verification settings.
Update: I haven't noticed any issues with two-factor (codes) since updating to a slightly newer (but very beta) version of the apps/extensions. Fingers crossed!
- 1P_Dave
Thank you for the suggestion! 🙂
-Dave
I've seen this once before on my AWS account.
- Make sure time is syncing with a time server.
- Go to the vendor's website, remove TOTP, then re-add TOTP with a new secret.
GreyM1P1Password Team
Hi both.
Most times we see errors with one-time passwords, it's because the system clock is slightly out of sync. Go to https://time.is/ and check if your system's clock is accurate.
It worked as soon as the code refreshed, but after 15 seconds or so, the site wouldn’t accept the code.
@chris55 This would suggest the system clock is ~15 seconds slow. After 15 seconds, the website will have ticked over to expecting the next code.
Slightly inaccurate clocks won't affect most things on your system – secure connections will still work, for example – but time-based one-time passwords require a higher degree of accuracy.
Let me know what you find out. :)
— Grey
