[2FA] Can't authenticate through HOTP with counter 0

cozy / cozy-proxy

This repository was part of CozyV2 which has been deprecated - Cozy authentication and routing layer

https://blog.cozycloud.cc/post/2016/11/21/On-the-road-to-Cozy-version-3

GNU Affero General Public License v3.0

26 stars 31 forks source link

[2FA] Can't authenticate through HOTP with counter 0 #280

Open babolivier opened 8 years ago

babolivier commented 8 years ago

I'm handling this one, it's more a reminder.

When resetting the HOTP counter, it sets the counter to 0 in database. As the condition on the counter for accepting an OTP in HOTP is >, the password with counter 0 can't be accepted, and in case of a change of device the user has to generate two passwords to enter its Cozy instead of one.

babolivier commented 8 years ago

Update: This doesn't only happen after resetting the counter, but also after enabling HOTP. I'll be on it later this weekend.