Incorrect One-Time Pass QR Codes
I have run into an issue where 1pass on my mobile device is giving back incorrect one time codes. I did the same setup with Google Authenticator and it works. I checked the translated otpauth url that the QR codes are running the same as well as the regional time settings to ensure that there is no time mismatch. It doesn't happen for all sites but one in particular that it is showing up on "nexusmods.com".
Samples:
Not working: "otpauth://totp/Nexus%20Mods:myemail@mydomain.com?secret=CODEPROVIDEDBYSITE&issuer=Nexus%20Mods"
Working: "otpauth://totp/Electronic%20Arts:myemail@mydomain.com?secret=CODEPROVIDEDBYSITE&issuer=Electronic%20Arts"
All time settings: GMT-0500
I thought that originally that it might have been something by the specific site that is causing it, but if it works in GAuth and not 1pass then I can only assume that it might be something with the 1pass app that it is doing something different.
I also tried it in the 1 pass linux desktop app and chrome extension and it is also giving back incorrect codes. (also re-verified the time settings to ensure sync.)
1Password Version: 7.9.2-mobile 8.7.0-desktop
Extension Version: 2.3.3
OS Version: 11-android Ubuntu-21.10-x64 101.0.4951.54-Chrome
Comments
-
Thank you for this. Removing the ?issuer part of the URI fixed the issue. That's a weird thing to have it fail. But hey. Glad its working now. Keeping this info if I run across any other sites 2FA that I experience similar issues with.
Question for 1pass team: If removing the &issuer fixes it, would that point to the sites implementation of 2FA or something specific to 1pass?
0 -
Hey @Rashin !
Sorry for the delay...
Thank you for this. Removing the ?issuer part of the URI fixed the issue.
Great to hear that!
Actually, when adding an OTP code to 1Password, I manually change it to the "CODEPROVIDEDBYSITE" only and never had any issues with that. 😁
0
