2factor authentication login.ubuntu.com

mo hataj
mo hataj
Community Member
in Mac

I just found the new support for 2factor authentication / one-time-passwords in 1password and I am moving my accounts now.
So all my authenticator (ios) supported logins work but not login.ubuntu.com.
I deleted my old authenticator authentication, created a new one, scanned the barcode with 1password and my iphone and got numbers succesfully generated.
The numbers on my iphone do work, the numbers on 1password do not.
What can I do?

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @mo hataj,

    I did try creating an account at https://login.ubuntu.com but I couldn't find out how to enable 2FA. This means for the moment I'm falling back on the generalised causes of issues.

    If the numbers generated on your Mac and iOS device differ I would suspect differences in the time clocks as TOTP is based on the current time. This would seem to be the strongest candidate given you scanned the same barcode on both.

    Could this be the cause at all? As long as both copies of 1Password are using the same secret then TOTP should be displaying the same numbers and changing at the same time (with a fraction of a second margin of error).

  • MrC
    MrC
    Volunteer Moderator

    https://help.ubuntu.com/community/SSO/FAQs/2FA#Can_I_use_it.3F

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Thank you @MrC,

    That link was really enlightening but now I'm confused. We support TOTP but it sounds like Ubuntu are supporting HOTP which is different. I wouldn't expect us to work with Ubuntu at all if that's the case @mo hataj. Given 1Password only supports TOTP are you still finding using 1Password for iOS allows you to gain access?

  • mo hataj
    mo hataj
    Community Member

    It's "Authenticator for IOS" that got the numbers right, so there's the source of confusion.
    OK, I'll wait for HOTP for 1Password

  • littlebobbytables
    littlebobbytables
    1Password Alumni

    Hi @mo hataj,

    The one thing I'm unsure about is HOTP uses a counter instead of time clocks. Now if the counter is used as part of a challenge-response then I can see how that might work, if the counter is meant to increment on a success then I'm not sure how synchronising and hoping it works over multiple instances of 1Password would work (if that makes sense). TOTP cleanly bypasses that because all it requires is a time clock in sync. Of course this is for the developers to figure out :smile:

This discussion has been closed.