2FA not working: Invalid Code

bgrios
bgrios
Community Member

Hello! I recently started using 1Password's 2-factor authentication feature for Salesforce. I set it up about 3-4 days ago and it was working just fine. I didn't use it again after that until yesterday. Now, everytime I try to log in using the 2FA, I get an error saying I entered an Invalid Code.

I've already confirmed that the time on my computer is correct using time.is. I also confirmed that my computer is set to the correct time zone. I restarted my computer. I also downloaded the 1password app on my phone and confirmed that 1password was generating the same code across both devices. I've disconnected the 1Password 2FA and re-connected it to my Salesforce account multiple times, but that does not seem to fix the issue.

I'm at a loss because I'm not sure what else to try and because 1Password seemed to be working fine just a few days ago, so I'm not sure what could have happened in the intervening days. Would anyone be able to help? I really don't want to have to stop using 1Password, but I'll be forced to if I can't resolve this issue!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Chrome

Comments

  • Hello @bgrios! 👋

    I'm sorry that your one-time password isn't being accepted by Salesforce. As a first step to help me to better understand the issue could you try the following:

    1. Turn off two-factor authentication for Salesforce.
    2. Remove the one-time password from 1Password.
    3. Setup two-factor authentication for Salesforce again but when you see the QR code scan it using both 1Password and another authenticator app like Microsoft Authenticator or Google Authenticator.

    Does 1Password generate the same one-time password as the other authenticator app? Or does 1Password generate an incorrect one-time password while the other app generates a one-time password that allows you to sign in?

    -Dave

  • bgrios
    bgrios
    Community Member
    edited June 11

    Hey @Dave_1P ! Thanks for your reply. I just did what you suggested using Google Authenticator and discovered that Google Authenticator and 1Password are indeed generating different codes. The code that Google Authenticator produces is correct and allows me to log in. Do you know might be causing the discrepancy?

  • @bgrios

    Thanks for trying that test. I just did the same test and I'm seeing the correct one-time password being generated in both Google Authenticator and 1Password. You said that the one-time password does work initially but later stops working, is that right?

    I just did what you suggested using Google Authenticator and discovered that Google Authenticator and 1Password are indeed generating different codes.

    Did you remove the old existing one-time password from the Salesforce item in 1Password? You would need to scan the same QR code (which is regenerated each time that you "connect" an authenticator app to Salesforce) at the same time using both authenticator apps.

    Can you tell me how you're scanning the QR code into 1Password? Did you use the browser extension? Or one of the apps? Are you filling the one-time password into the Salesforce website or are you typing it in?

    -Dave

  • bgrios
    bgrios
    Community Member

    @Dave_1P

    You said that the one-time password does work initially but later stops working, is that right?

    So the 2FA feature of 1Password was working for about 3-4 days ago when I initially set it up as far as I could tell, but I only used it 1-2 times after I set it up. Then when I tried to use it again yesterday it did not work at all and kept giving me the same "Invalid Code" error. Ever since yesterday, I've disconnected and reconnected 1Password to my Salesforce account as a 2FA several times, and while the one-time code it produces when it reads the QR code to link to my Salesforce account does work every time, the codes it gives me to log in every time after that do not work.

    Did you remove the old existing one-time password from the Salesforce item in 1Password? You would need to scan the same QR code (which is regenerated each time that you "connect" an authenticator app to Salesforce) at the same time using both authenticator apps.

    What I did was I went into Salesforce, and on the "Users" page of Salesforce, I disconnected the authenticator app currently linked to my account (which was 1Password). After that, I logged back in, and when it asked me to connect an authenticator app, I clicked through the prompts until it showed me a QR code to scan. I scanned the same QR code at the same time with 1Password and Google Authenticator when testing this out earlier today. I did not remove the "old existing one-time password from the Salesforce item in 1Password". Can you elaborate on what this means?

    Can you tell me how you're scanning the QR code into 1Password? Did you use the browser extension? Or one of the apps?

    I'm scanning the QR code using the browser extension.

    Are you filling the one-time password into the Salesforce website or are you typing it in?

    I'm opening up the extension and pressing the "Copy" button next to code. Then I paste into the Salesforce website. I'm not using the autofill function.

  • Dave_1P
    edited June 12

    @bgrios

    Thank you for the reply. If you don't remove the previously saved one-time password from 1Password and you scan a new QR code using the browser extension then 1Password will keep the old one-time password where it is and then add a new one-time password as a custom field in your Login item for Salesforce.

    If you open the Salesforce Login item in 1Password and scroll down, do you see another one-time password there?

    -Dave

  • bgrios
    bgrios
    Community Member
    edited June 12

    @Dave_1P

    If you open the Salesforce Login item in 1Password and scroll down, do you see another one-time password there?

    Are you referring to the browser extension of 1Password? If so, then yes, when I clock on that and go into the Salesforce login item, I do see another one-time password there. Should I remove that, and if so, how?

  • @bgrios

    Thanks for the reply. It sounds like you saved multiple one-time passwords for Salesforce and that might be contributing to the issue. If you see multiple one-time passwords for Salesforce then can you tell me the following:

    1. If you try both, then does one of them allow you to login to Salesforce?
    2. Does one of them match the one-time password saved in Google Authenticator?

    -Dave

This discussion has been closed.