Rayquaza01 / authenticator

Firefox addon that generates TOTPs for 2 factor authentication
https://addons.mozilla.org/en-US/firefox/addon/two-factor-authenticator/
MIT License

wrong code generated: Newegg.com #9

Open apiontek opened 7 years ago

apiontek commented 7 years ago

I'm trying to add Newegg.com but it generates incorrect codes. I have many other sites added and they're all generating correctly except for Newegg.com, the 20th site I've added.

Correct Newegg codes are generated on my phone by FreeOTP (Android), and in Google Chrome by the "Authenticator" extension by sneezry.com.

Both were scanned via QR code rather than entering manually, but when I export my keys from the Chrome extension, it reports the same "secret" that Newegg provides for manual entry, which isn't working on this Firefox extension.

I added Github after Newegg, in slot 21, and it's working fine. It's only Newegg that's generating incorrectly.

I'm not sure how to grab any useful debug information but I'm happy to try!

apiontek commented 7 years ago

Newegg code is only 15 chars long, could that be the issue?

Rayquaza01 commented 7 years ago

I wasn't able to reproduce the issue myself, but the secret I got from New Egg was 18 characters long.

Make sure you didn't accidentally cut a few characters off your paste.

apiontek commented 7 years ago

How odd. If I count the spaces, it's 18 characters, but I've tried it in the extension both with spaces and without and got the same wrong codes both times.

I tried to disable & re-enable 2fa on their site but it keeps giving me the same secret, I can't find a way to make it regenerate a new secret. Maybe I'll contact their tech support, but it's odd that it's working in other totp code generators.

It's even working on https://github.com/WhyNotHugo/totp-cli though I needed to add an "=" at the end of the secret to pad its length to a multiple of eight. I tried that in the extension and it didn't work.

Rayquaza01 commented 7 years ago

My account gave 18 characters without spaces. Spaces are actually invalid characters in secret keys, so they get stripped out before generating the code. They're just there to make it easier to type out. I think it's strange that New Egg doesn't seem to provide a way to change secret keys.

One last thing you could try before contacting support to change your secret is reporting the issue to https://github.com/yeojz/otplib, which is the library I'm using to generate the codes. Though, I'm not sure how useful that would be since I wasn't able to reproduce it with a new account.
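
The secret handling discussed in this thread (spaces stripped before use, "=" padding to a multiple of eight), as an added example that is not part of the thread and is not the extension's or otplib's code. The function names are hypothetical and the 15-character secret is constructed.

```javascript
// Added example: hypothetical helpers, not the extension's or otplib's code.
const ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"; // RFC 4648 base32

// Remove spaces and dashes added for readability, uppercase, drop "=" padding.
function normalizeSecret(input) {
  return input.replace(/[\s-]/g, "").toUpperCase().replace(/=+$/, "");
}

// Re-pad to a multiple of eight characters for decoders that require it.
function padSecret(input) {
  const s = normalizeSecret(input);
  return s + "=".repeat((8 - (s.length % 8)) % 8);
}

// Decode to key bytes. Unpadded lengths of 1, 3 or 6 (mod 8) cannot occur
// in valid base32 and usually mean characters were lost in a copy/paste.
function decodeSecret(input) {
  const s = normalizeSecret(input);
  if (![0, 2, 4, 5, 7].includes(s.length % 8)) {
    throw new Error(`impossible base32 length: ${s.length}`);
  }
  const bytes = [];
  let buffer = 0, bits = 0;
  for (const ch of s) {
    const value = ALPHABET.indexOf(ch);
    if (value === -1) throw new Error(`invalid base32 character: ${ch}`);
    buffer = (buffer << 5) | value; // append 5 bits per character
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      bytes.push((buffer >> bits) & 0xff); // emit one full byte
      buffer &= (1 << bits) - 1;           // keep only the unread bits
    }
  }
  // danglingBits: trailing bits that do not fill a byte and are discarded
  return { bytes, danglingBits: bits };
}

// Constructed secret, grouped the way sites often display it.
const displayed = "jbsw y3dp ehpk 3px";
const hex = (b) => b.map((x) => x.toString(16).padStart(2, "0")).join("");
console.log(displayed.length, normalizeSecret(displayed).length);
console.log(padSecret(displayed));
console.log(hex(decodeSecret(displayed).bytes));
```

A decoder that handles any of these steps differently derives a different HMAC key from the same displayed secret, and therefore different codes.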

Max1Truc commented 6 years ago

@apiontek @Rayquaza01 Closed ?