help!One-time password all invalid!!

kfcimc
kfcimc
Community Member

All the one-time passwords are successfully bound, and now all accounts are prompted that the security code is invalid!!


1Password Version: 7.8.1
Extension Version: Not Provided
OS Version: os 10.15.7
Sync Type: Not Provided

Comments

  • kfcimc
    kfcimc
    Community Member

    Unbind and re-bind, the verification is invalid

  • MrC
    MrC
    Volunteer Moderator

    @kfcimc

    Your system’s time is incorrect. Be sure it is being sync’d to a time server.

  • @kfcimc

    I would agree 100% with MrC suggestion. https://time.is may be helpful.

  • vanc
    vanc
    Community Member

    Hi,

    i have the same problem... literaly over 50 OTPs not working anymore. It's a very critical Situation because i can't access important Websites or Servers anymore.

    It's no solution to rebind them again. Also (!) i can't even rebind them because every OTP after scanning the QR-Code is wrong.

    best regards

  • [Deleted User]
    [Deleted User]
    Community Member

    @vanc This is usually due to your device not havng the correct time. Check the time against a time server and that the time zone is correctly set.

  • vanc
    vanc
    Community Member

    @rootzero can you tell me how i set my time right? Im in germany and all my Devices (MacBook, Win, Linux, Android) are getting their time automatically right now.

  • ag_ana
    ag_ana
    1Password Alumni

    @vanc:

    Indeed, I would also recommend checking if the time is the same on all of your devices. 2FA is very time-sensitive, so any drift in time on any of your devices could cause the authenticator codes to be rejected.

    A good resource that makes it easy to check this is the following website:

    https://time.is/
    

    After making sure the time is the same on every one of your devices, your authenticator codes should be accepted.

  • vanc
    vanc
    Community Member

    @ag_ana thanks for your response.

    i receive my time from Microsoft or Apple Servers for Years working with 1Password OTP. Why it is a Problem now...?

    I've set my time with time.is and i only have a discrepancy of 0,2 seconds. It still not working for me.

    How often does this problem come up in the future?

    I'm aware of the physics and why time is shifting over years, but wouldn't it be a better answer to say: Apple, Microsoft has to shift their servers so millions of 1Password users don't have to set their time to time.is?

    Best Regards

  • ag_ana
    ag_ana
    1Password Alumni

    @vanc:

    My understanding is that even if you have your time synced, this can change over time in your operating system, even if the time is correct on the server. I have seen this happen most often with Windows devices, and usually fixing the time manually once is enough to get the time to sync again. It happened to me too during one of the last operating system updates if I am not mistaken.

    Do you perhaps use 1Password on multiple devices? If you do, do you see different OTP codes on each device?

  • vanc
    vanc
    Community Member
    edited August 2021

    @ag_ana

    Yes. As i mentioned earlier i'm using my Android-Phone and my MacBook to Work remote. Because i'm at home today i also have access to my Windows machine too.

    All Devices are showing the same OTP. I've been setting up a new Docker container with GitLab. Therefore i've created a new User and wanted to setup my 2FA-Authentication. When i try to scan the QR-Code with my Android phone and typing the code into the Setup field it already claiming the OTP-Code is invalid. The same problem happens, when i try to set it the 2FA up with my MacBook or Windows machine.

    I think something has changed with recent update of 1Passwort itself.

    thanks for your patience

    Best regards

  • ag_ana
    ag_ana
    1Password Alumni

    @vanc:

    For confirmation, is this all happening inside Docker containers, or even on regular websites that you visit in your browser (and OTPs that you have already configured in 1Password, instead of new ones like the GitLab one in this case).

  • d_stone
    d_stone
    Community Member

    I'm sorry if I'm jumping into this discussion here with my info.

    I also had a broken one-time password today and I hope it's not a bug in the application. – 1Password 7.8.7 (macOS)

    The time on my MacBook is correct.

    I had added a new entry to an object in the saved form details, hoping that this would be filled in when logging in to the website. But anyway.

    After that editing, the one-time password of this object no longer worked from my MacBook. On my iPhone the one-time password was still correct, because I only synchronize locally via WLAN. — Fortunately, a synchronization was not yet triggered and I did not want to trigger, because I assume that then also the object on the iPhone is broken.

    On the iPhone, unfortunately, I could not use 1Password to display the one time password secret or generate a QR code to restore the one-time password on the MacBook. :-( — I don't know if this is possible with 1Password at all.

  • ag_ana
    ag_ana
    1Password Alumni

    @d_stone:

    You say that this started happening right after you edited this entry in 1Password. Have you tried reverting that edit to see if that was indeed what caused the issue?

  • d_stone
    d_stone
    Community Member

    Yes, correct. After the edit I noticed the problem. with the one-time password, which is also stored in this entry of 1Password, because I need it on other login pages of the customer.

    I wanted to try that 1Password already enters the fixed PIN in the last field before the RSA token. The token must then be typed via hardware dongel. This did not worked and I, because I like the web form details cleaned, removed this again and typed it in manually in the website again.

    A short time later I needed the one-time password and found the broken one-time password.

  • ag_ana
    ag_ana
    1Password Alumni

    @d_stone:

    Is the time of your Mac, the one reported by https://time.is, correct within 30 seconds?

  • d_stone
    d_stone
    Community Member

    +0,9 seconds ahead

  • d_stone
    d_stone
    Community Member

    It is possible that the clock was not quite in sync yesterday. But I had looked yesterday, after the "incident", everything was correct. But I can't say it exactly, because I didn't have the focus on it and I wasn't aware of the dependency of my system clock to the password.

    Suppose that happens to me/us again. Does 1Password synchronize the one-time password with the system time continuously or only when editing the entry?

  • @d_stone

    TOTP codes are always generated based on the current system time. Editing the item does not impact that. I hope that helps clarify. Thanks!

    Ben

  • d_stone
    d_stone
    Community Member

    Hi @Ben,
    that means, maybe this one-time password wasn't broken, but only for a short time my system time was out of sync. It could have been fixed without creating a new one-time password entry.

    In any case, I'll pay attention to it next time. But I hope it never happens again ;)

  • Sounds good and here's to it not happening again.

  • d_stone
    d_stone
    Community Member

    A short final update from my side on this topic
    In the company network the company MacBook does not reach the time server and thus the time is out of sync.
    Because of that the one-time passwords are no longer correct and after the system time is synchronized again, everything is correct again.

    Thanks for your good support. That this is related is an important realization and I understand this relationship now. :)

  • ag_ana
    ag_ana
    1Password Alumni

    In the company network the company MacBook does not reach the time server and thus the time is out of sync.
    Because of that the one-time passwords are no longer correct and after the system time is synchronized again, everything is correct again.

    Thank you for the update @d_stone :)

    Thanks for your good support. That this is related is an important realization and I understand this relationship now. :)

    On behalf of Ben and Tommy as well, you are welcome!

This discussion has been closed.