one-time-password

mtanner
Community Member

Hi. I discovered a super ugly bug with the one-time-password feature. Ever since I updated to 5.3 the one-time-password feature generates invalid passwords! I can no longer log in to my Synology DiskStation. I will have to revert to Google's OTP app. Not really what I was looking and hoping for! Will you be able to fix this anytime soon?

Comments

  • Stephen_C
    Community Member

    Ever since I updated to 5.3 the one-time-password feature generates invalid passwords!

    That doesn't apply for all of us, you know. :) I rather wonder if it's less a bug and more a problem with the site for which you're trying to generate a TOTP. If you'd like to tell us the URL for the site (so long as it's not confidential) someone can test it for you.

    Rest assured 1P continues properly to generate correct TOTPs for some of us.

    Stephen

  • mtanner
    Community Member

    Hello Stephen. It is my NAS from Synology. It worked until I installed 5.3. Does not seem like it is a problem on the other side as I have not changed Synology's software. Maybe I overlook something? ;-)

  • Drew_AG
    1Password Alumni

    Hi @mtanner,

    Version 5.3 was the first to support the Time-based One-Time Password feature in the Mac version of 1Password, so I'm not sure how it would have worked in previous versions at all. We added that feature to the iOS and Windows versions of 1Password a few months ago. Are you using either of those? If so, and if you set up a TOTP in the iOS or Windows version, the "One-Time Password" field would sync to the Mac version, but wouldn't have been able to generate any one-time passwords until version 5.3.

    If you need to set up (or re-set up) a TOTP in 1Password for Mac, please make sure you take a look at the instructions here: Setting up TOTPs (Time-based One-Time Passwords)

    Does that help to create a working TOTP? Please let us know how it goes and if you need more help with that. Thanks!

  • mtanner
    Community Member

    Hi Drew_AG. Thank you for your reply. However, this is not entirely correct! Off the top of my head: Initially there was a version with TOTP, then there was an UPDATE where you could also COPY the TOTP to the clipboard. There must have been two versions, double check that, please. The first one (without the copy to clipboard feature) worked perfectly, the next one not. I use a Mac version plus an iOS version. I did not try the iOS version. I had to disable the one-time-password feature in my Synology via emergency code. I simply don't like to take chances to be locked out ;-)

  • Drew_AG
    1Password Alumni

    Hi @mtanner,

    Unless I'm misunderstanding what you mean, the first version of 1Password for Mac to support TOTP was definitely 5.3, which was released earlier this month. You can see that in the release notes.

    As for an update with a fix for a copy issue, I wonder if you could mean this:

    • Fixed issue where the hover copy button of the TOTP field covered the countdown timer. {OPM-2939}

    That issue didn't prevent copying to the clipboard, it just caused the time remaining counter to be covered by the copy button. Is it possible that's the fix you're thinking of? That was included in version 5.4.BETA-3. Are you using a beta version of 1Password for Mac? If so, that might explain the confusion.

    Either way, have you tried setting up the TOTP in that Login item again to see if that helps?

  • mtanner
    Community Member

    Hello again. I tried a bit today. Google password generator produces the same code as 1PW.. so far so good. I also found out that when I enter the code manually, it works. When I copy/paste, it doesn't! Still seems to me the problem comes from 1PW..

  • Hi @mtanner,

    It's entirely possible that there's a bug with the copy/paste mechanism. Can you try pasting the code into a text document to see what gets pasted, to ensure it's the same code as what's presented? Are there any additional characters in it? It should only be the numbers, with no spaces or separators.

    Since it's by definition a time based password, there's no harm in letting us know what the value was, if it's incorrect. If there's a bug here, I'd love for us to get this fixed up.

    Thanks

    Rick

  • mtanner
    Community Member

    Hi Rick. I am puzzled. It does not seem to be padded with spaces or anything, yet, I just tried again. Copy/paste ended in not being accepted, manual entry works. I have no clue, really. This is an example code of right now: 367851

  • @mtanner : And the value copy/pasted looks the same to your eyes as the manually typed value?

  • mtanner
    Community Member

    Absolutely. But it is getting even more mysterious.. right now, it works again. I did not change anything, neither on my diskstation nor in 1PW. I will continue to login and let you know after a dozen or so times.

  • AGAlumB
    1Password Alumni

    @mtanner: That's great news! It should have been working in the first place if you had the number entered correctly, so it may be a glitch with the NAS itself (software or hardware).

    Keep in mind that since the TOTP code is generated using both the shared secret and the current time, a small glitch or desynchronization of the system timer on the NAS (or your computer) would cause the codes to not match up correctly too. But it could always just be a browser caching issue. Very strange, but I am glad to hear it's working for you again. :)

  • oksoftware
    Community Member

    Hi, I also own two Synology NAS devices (DS413j and DS415play) and use OTP as an additional security mechanism. It works without any hassle. But it is really important to have time precisely synchronized with some reference NTP server, otherwise OTP can't work properly. When the time is not in sync, the behaviour can be strange and the OTP can become invalid even during its lifetime.

  • AGAlumB
    1Password Alumni

    @oksoftware: Very true! 1Password depends on the operating system for this. Fortunately modern OSes are generally very good about automatically keeping time. Cheers! :)
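
The clock dependence discussed in the last few comments, as an added example that is not part of the thread and is not 1Password's or Synology's code: a standard RFC 6238 TOTP generator and a verifier, showing which amounts of server clock drift still accept a code the client is displaying. The one-step tolerance window, the sample timestamp and the RFC test secret are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by most authenticator apps
SECRET = b"12345678901234567890"  # RFC 6238 test secret, not a real one


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: HOTP over the number of elapsed time steps."""
    counter = int(unix_time) // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, server_time: int, window: int = 1):
    """Return the matching step offset (-window..+window) or None if rejected.

    server_time is the verifier's own clock, so any drift between it and the
    device that generated the code shifts which steps are accepted.
    """
    if not (submitted.isascii() and submitted.isdigit() and len(submitted) == DIGITS):
        return None  # anything but exactly six ASCII digits is rejected
    for off in range(-window, window + 1):
        expected = totp(secret, server_time + off * STEP)
        if hmac.compare_digest(expected, submitted):
            return off
    return None


def acceptance_by_drift(secret: bytes, client_time: int, drifts, window: int = 1):
    """Map each server clock drift (seconds) to whether the client's code passes."""
    code = totp(secret, client_time)
    return {d: verify(secret, code, client_time + d, window) is not None for d in drifts}


if __name__ == "__main__":
    client_time = 1111111109  # constructed: last second of a 30 s step
    print("code on client:", totp(SECRET, client_time))
    for d, ok in acceptance_by_drift(SECRET, client_time, [-75, -45, 0, 1, 45]).items():
        print(f"server clock {d:+4d}s -> {'accepted' if ok else 'rejected'}")
    print("same, no tolerance window:",
          acceptance_by_drift(SECRET, client_time, [0, 1], window=0))
```

With no tolerance window, a server clock that is one second ahead already rejects a code the client still shows as valid, which matches the "invalid even during its lifetime" behaviour described above.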

This discussion has been closed.