1Password WebApp Fails On One PC
We have several staff members utilizing the same 1Password account to authenticate to a govt website.
It works perfectly for the majority of the staff, however on one users Windows 10 Machine they do not get valid OTPs generated on the website.
Even when they are the only person signed into 1Password.
An example is that i logged into 1Password and used the code generated to authenticate her sign in.
Then i signed out of 1 Password and out of the govt site on her PC
On her PC i signed into 1Password and used the OTP generated to auth to the govt website, this fails.
I have about 8 machines this works great on and 1 where it doesnt.
What are some common causes for sync issues with the OTP?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: DOL Website
Comments
-
Hi @JohnCur913! Welcome to the forum!
On her PC i signed into 1Password and used the OTP generated to auth to the govt website, this fails.
The very first thing that is worth checking is if the time is the same on all of your devices. 2FA is very time-sensitive, so any drift in time on any of your devices could cause the authenticator codes to be rejected.
A good resource that makes it easy to check this is the following website:
https://time.is/
After making sure the time is the same on every one of your devices, your authenticator codes should be accepted.
0 -
Good Morning Ana,
Thank you for the quick response on this.
I had a suspicion that it might be an issue with the time yesterday, I made sure the machine in question was using the same time server as one of the machines that did work.
I set them both to: time-a-g.nist.gov (EST)
The problem machine still refused to generate valid codes.
the computer it had always worked on continued working.I also tested it out of an InPrivate browsing windows, in several browsers, to rule out it being a problem caused by cookies or cached data.
As a workaround I'm thinking I will have them install the 1Password app on their phone and see if that will work correctly for them.
Its not an ideal solution, however it is better than having them ask their colleagues to generate codes for them.0 -
I had a suspicion that it might be an issue with the time yesterday, I made sure the machine in question was using the same time server as one of the machines that did work.
Note that using the same time server as the one you use on a machine that is working is not necessarily enough. You could be using the same server, but one machine can still go out of sync. Does the website I suggested show you that the time is correct down to the second?
0 -
I ran the requested test with time.is on the problem PC.
It did show the correct time when using time-a-g.nist.goNext i removed the custom time server I had on the machine and set it back to the domain default
The default is for the machine to receive its time settings from the Domain ControllerI checked time.is on this DC as well.
The time being handed out by the DC is ~1 minute slow.
However, this is the time being handed out domain wide and works properly on all but one computer.As shown in the attached picture, the times are the same on both the Problem PC & DC
The settings on the left are from the problem PC. The settings on the right are from the Domain Controller.I have also had success on other machines that get their time settings from other sources. Such as my home PC which exists completely outside the company domain.
I am doubtful at this stage that this is an issue with the time settings on the machine.Please let me know if there are more tests you would like me to run.
Thank you kindly.0 -
Out of curiosity, does this person have more than one website with OTPs in 1Password? Are all of the OTPs rejected, or is this one the only one that is rejected? This can help us understand if the issue is with the device, or with a specific OTP.
0 -
We only have one site bound to the 1Password for OTPs.
This 1Password account generates valid OTPs for this website on all other machines.It is definitely an issue specific to the computer.
I get the same results on this machine through several browsers. (Chrome,IE,Firefox)I will try to get some time on the users computer later today.
I will bind another site to 1Password to determine if it is all OTPs on this machine or specifically OPTs generated for this one website0 -
Sounds good, thank you! Please keep us posted :+1:
0
