google / google-authenticator

Open source version of Google Authenticator (except the Android app)
Apache License 2.0
5.22k stars 968 forks source link

iOS 7 - Added accounts don't save, are wiped when app is removed from taskbar/device is rebooted #277

Open ThomasHabets opened 10 years ago

ThomasHabets commented 10 years ago

Original issue 278 created by stefanmodh on 2013-06-24T20:40:25.000Z:

What steps will reproduce the problem?

  1. Run iOS 7 (Beta 2 as of writing)
  2. Add an account in the app
  3. Reboot device
  4. The added account is no longer saved within the app and will need to be re-added.

What is the expected output? What do you see instead? Accounts should be saved for persistent granting of auth codes, they're not.

What version of the product are you using? On what operating system? iOS 7 Beta 2, iPhone 5 model A1429. Using v1.1.4.757 of the Google Authenticator app

Please provide any additional information below.

ThomasHabets commented 10 years ago

Comment #1 originally posted by daniel.filho on 2013-06-25T23:16:47.000Z:

If it helps, same behaviour for A1428 model

ThomasHabets commented 10 years ago

Comment #2 originally posted by jesse@hollington.ca on 2013-06-27T13:19:11.000Z:

I've noticed the same behaviour, but with a few other problems. I had five separate codes in the Authenticator app; when I opened it after updating to iOS 7 beta 2, all of the descriptions were gone, making it impossible to tell which code is for which account other than by trying to remember what order they were in.

When I opened the app this morning, three of the codes had disappeared completely. I can't really say which three, since the descriptions are missing.

After trying to add a new code, not only did it fail to save, but I lost another of the codes, reducing me down to only one now.

ThomasHabets commented 10 years ago

Comment #3 originally posted by chris@celebhookup.com on 2013-06-27T15:41:43.000Z:

Even worse, it appears that codes will also disappear even if they already existed. I had about 7 codes vanish last night, which is... not good.

ThomasHabets commented 10 years ago

Comment #4 originally posted by Schu@x3sys.com on 2013-06-27T20:04:01.000Z:

I can also say that I have issues with this. Tired to add an account and ended up with all accounts vanish. I was able to recover them by recovering from an iPhone backup. But now I dont have account names under any of the numbers..

ThomasHabets commented 10 years ago

Comment #5 originally posted by burcat on 2013-06-27T20:44:42.000Z:

Same problem here

ThomasHabets commented 10 years ago

Comment #6 originally posted by lesterchan on 2013-06-28T10:40:11.000Z:

Encounter the same issue as the OP. beta 1 works fine though

ThomasHabets commented 10 years ago

Comment #7 originally posted by HolzapfelJ on 2013-06-29T11:48:53.000Z:

Same here also! Reinstall of app did nothing.

ThomasHabets commented 10 years ago

Comment #8 originally posted by lmusielak on 2013-06-29T16:37:36.000Z:

Seeing all issues as stated above. Using beta 2 on 4S.

ThomasHabets commented 10 years ago

Comment #9 originally posted by damianhope on 2013-06-29T17:45:56.000Z:

Same problem here. Beta 2 on 4S as above.

ThomasHabets commented 10 years ago

Comment #10 originally posted by daniel.filho on 2013-06-30T02:02:54.000Z:

You don't need to repeat that the same thing is happening. Just star the issue or add relevant info here.

ThomasHabets commented 10 years ago

Comment #11 originally posted by ricklabanca on 2013-07-01T21:22:51.000Z:

All codes were showing without labels. Ironically came here to post and when using the authenticator they all disappeared. Waaaa. Beta!

ThomasHabets commented 10 years ago

Comment #12 originally posted by billchase2 on 2013-07-02T14:48:44.000Z:

Worked properly on beta 1, but beta 2 removed labels for me as well. However, now my accounts are slowly disappearing from the app! I had 4 of them, yesterday I was down to 3, and now I only have 2 and neither one is for my Google account!

ThomasHabets commented 10 years ago

Comment #13 originally posted by awfulhorse on 2013-07-02T15:54:56.000Z:

If you search the app store for "TOTP" you can find a few alternatives to use until this is fixed.

ThomasHabets commented 10 years ago

Comment #14 originally posted by mjbengx on 2013-07-02T16:03:20.000Z:

The app hasn't been updated since July 2011, I wouldn't hold hope too much from them.

ThomasHabets commented 10 years ago

Comment #15 originally posted by adrianmace on 2013-07-02T16:06:48.000Z:

is there an alternative you can suggest for those who rely on it?

ThomasHabets commented 10 years ago

Comment #16 originally posted by awfulhorse on 2013-07-02T16:12:50.000Z:

The one I chose was HDE OTP https://itunes.apple.com/us/app/hde-otp-generator/id571240327?mt=8

It configures from a qrcode like gauth and allows several accounts to be configured like gauth.

The only thing it doesn't do is let you punch a key into it manually (like you need to do for Facebook). If you want to do that, you must create a key uri like this https://code.google.com/p/google-authenticator/wiki/KeyUriFormat and copy it to your phone's clipboard.

ThomasHabets commented 10 years ago

Comment #17 originally posted by pricesl on 2013-07-02T16:14:36.000Z:

Duo Mobile also offers a TOTP authentication app, and is listed by Dropbox as an alternative.

ThomasHabets commented 10 years ago

Comment #18 originally posted by billchase2 on 2013-07-02T16:27:53.000Z:

I'm making the switch to the Duo Mobile app. Works great, looks great, and is actually being updated by the company. So long, Google Authenticator.

ThomasHabets commented 10 years ago

Comment #19 originally posted by dgrams on 2013-07-02T16:30:03.000Z:

Same issues on iPhone 5 ios 7b2 - descriptions gone at first, now most of my accounts are gone. Edit button doesn't respond.

ThomasHabets commented 10 years ago

Comment #20 originally posted by stefanmodh on 2013-07-02T16:58:48.000Z:

I did some research on alternate authenticators as well, I came to the conclusion that these two works in iOS7 and have plenty of ongoing support by their devs:

Duo Mobile (not universal): https://itunes.apple.com/app/duo-mobile/id422663827

and the aforementioned HDE OTP Generator: https://itunes.apple.com/app/hde-otp-generator/id571240327?mt=8

ThomasHabets commented 10 years ago

Comment #21 originally posted by jesse@hollington.ca on 2013-07-02T17:03:12.000Z:

Another one worth a look is "OTP Auth" -- it was basically the first one I came across, and looked nice and straightforward, although I don't think it's universal either.

They all seem to be pretty functional and more or less do the same things, so it really comes down to a matter of personal preference as to whatever interface you like best.

ThomasHabets commented 10 years ago

Comment #22 originally posted by lucifer.stevenson on 2013-07-03T18:13:44.000Z:

Yes, this is an issue. iPad 4, ios7 Beta 2. iPad console repeatedly throws up message:

iPad Authenticator[2796] : failed to decode, caught ReaderException 'Could not find three finder patterns'

ThomasHabets commented 10 years ago

Comment #23 originally posted by richard@sciur.us on 2013-07-03T18:15:52.000Z:

Switched to Duo Mobile. Free, more elegant, and it works.

ThomasHabets commented 10 years ago

Comment #24 originally posted by NateGillan14 on 2013-07-04T05:48:16.000Z:

How do we get the codes back if they are deleted?

ThomasHabets commented 10 years ago

Comment #25 originally posted by System.in.read on 2013-07-05T19:10:34.000Z:

Another alternative that looks good and works on ios7 is authy https://www.authy.com/, I came across it before the other ones here and have started using it.

ThomasHabets commented 10 years ago

Comment #26 originally posted by gabemunro on 2013-07-08T18:53:09.000Z:

I second Authy. It's a much more elegant solution that actually retains my codes and hasn't left me hanging without access to apps.

ThomasHabets commented 10 years ago

Comment #27 originally posted by herlani.junior on 2013-07-09T05:06:27.000Z:

Update iOS& beta3 and in the name of services appear NULL !!!

ThomasHabets commented 10 years ago

Comment #28 originally posted by mjbengx on 2013-07-09T05:08:50.000Z:

It's quite obvious Google doesn't care. App hasn't been update for more than 2 years now. Seriously, just use any of the other authenticator apps mentioned above and save yourself the trouble and grief. I've changed to HDE authenticator and am very happy with how it looks and function. So much better than GA!

ThomasHabets commented 10 years ago

Comment #29 originally posted by Clint.Jones.Tx on 2013-07-09T14:05:08.000Z:

Same happened to me last night with 8 linked accounts. i have a job ahead just to get back in to each of them. Thanks for the suggestions on the alternatives.

I went with Authy after seeing someone reported that OTP Auth sends traffic to "flurry.com" an ad network.

Authy works great and has a token backup feature.

ThomasHabets commented 10 years ago

Comment #30 originally posted by awfulhorse on 2013-07-09T15:30:35.000Z:

Authy seems really good! It seems to have an iOS 7 bug where you can't manually enter a secret, but if you make a key uri like this https://code.google.com/p/google-authenticator/wiki/KeyUriFormat and generate a qrcode from that, you can add things like Facebook anyway.

ThomasHabets commented 10 years ago

Comment #31 originally posted by birgerjn on 2013-07-09T18:30:51.000Z:

Authy did the trick :) Thank you!

ThomasHabets commented 10 years ago

Comment #32 originally posted by erik.ilves on 2013-07-10T12:40:47.000Z:

Google, please update the authenticator! Using IOS 7 Beta 3 and it forgets the sites! Name fields which site the code corresponds also disappears. And fix the edit button already! This issue has even been on ios6, first you have to click legal information and then you can edit!

Quoting Jeremy Clarkson "how hard can it be?"

ThomasHabets commented 10 years ago

Comment #33 originally posted by cloessl on 2013-07-22T13:48:30.000Z:

Authy and HDE OTP are not open source. Has anyone found a good open alternative?

ThomasHabets commented 10 years ago

Comment #34 originally posted by phyrdaus on 2013-07-27T10:19:48.000Z:

i moved my codes to Authy (https://www.authy.com) they support google authenticator codes as well and has a backup in case you change devices.

ThomasHabets commented 10 years ago

Comment #35 originally posted by chatfielddaniel on 2013-07-27T10:20:27.000Z:

I'm curious what your reasons are for wanting an open source app. If it is a security issue (make sure it isn't sending your secret somewhere) then surely someone could open source their app but still release malicious code and because it is encrypted you wouldn't know that the source they release is different from the source that they have under open version control.

ThomasHabets commented 10 years ago

Comment #36 originally posted by chris@heavymark.com on 2013-07-28T18:12:47.000Z:

Highly recommend Authy. Looks and works beautifully and is also free. Works perfect on iOS6 and iOS7 and fully compatible with Dropbox, Facebook, CloudFlare, Google, Amazon and Stripe.

ThomasHabets commented 10 years ago

Comment #37 originally posted by cloessl on 2013-07-28T20:43:54.000Z:

Authy is the one I definitely not want to use because they store your seed on their server (if I understood it correctly) and this is definitely NOT what I want. I want 2 step auth. because I want it more save and not an american company saving my seeds on their server.

@# 35 I can always compile it myself -> don't have to fair that the version in the store is different than the source. And checking through the source for network activity is easier than running the program in a sandbox and waiting for it to transfer data.

ThomasHabets commented 10 years ago

Comment #38 originally posted by cloessl on 2013-07-28T20:45:13.000Z:

Authy is the one I definitely not want to use because they store your seed on their server (if I understood it correctly) and this is definitely NOT what I want. I want 2 step auth. because I want it more save and not an american company saving my seeds on their servers.

@# 35 I can always compile it myself -> don't have to fear that the version in the store is different than the source. And checking through the source for network activity is easier than running the program in a sandbox and waiting for it to transfer data.

ThomasHabets commented 10 years ago

Comment #39 originally posted by chatfielddaniel on 2013-07-28T20:58:17.000Z:

"I can always compile it myself" <- yeh, but you don't compile your own copy of Google Authenticator do you so unless you actually did that's kind of a mute point.

"store your seed on their server"

That is an option, you don't have to do that.

ThomasHabets commented 10 years ago

Comment #40 originally posted by jhatrs on 2013-07-28T21:05:36.000Z:

The fact that Authy simply will not work without first creating an account is reason enough not to use it. I don't want an account with you, I don't want my activity logged by you, I don't want you to store anything for me. I just need a tool to generate TOTP passwords. WTF!

ThomasHabets commented 10 years ago

Comment #41 originally posted by cloessl on 2013-07-28T22:16:52.000Z:

@# 39 I send an email to their support. As far as I understand their reply (see below) it's not an option + I send an encrypted mail to them and received an unencrypted mail. Doesn't seem so trustworthy to me.

@# 40 exactly.

A part from their support email:

... To answer your question we need your phone number to be able to securely recover your account if you lose or upgrade your phone. If you don’t want to provide it you can try using Google Authenticator which does not require one. ...

From that I get that they can always recover the seeds that I used for TOPT and I just don't want any company (of course if I want to auth with dropbox they need the seed as well but beside dropbox...) company to store my seeds.

ThomasHabets commented 10 years ago

Comment #42 originally posted by chatfielddaniel on 2013-07-28T22:25:18.000Z:

When did you send this?

Have you tried the app (even on a random seed)?

The app clearly asks you whether you want to enable backups or not, if you don't then the seed never leaves your phone. The app does require a phone number regardless of whether you are going to use the backup or not (which could be a concern for some I suppose).

And the backups are encrypted locally using a key you specify before being sent to authy.

ThomasHabets commented 10 years ago

Comment #43 originally posted by pricesl on 2013-07-28T22:26:56.000Z:

cloessl: Write your own app then. You used Google Authenticator and they do not have the most stellar record for privacy.

ThomasHabets commented 10 years ago

Comment #44 originally posted by cloessl on 2013-07-28T22:58:14.000Z:

@# 42 22.07

I tried the app. Got stuck at the sign up screen and wrote the mail to the support. The answer + account signup scared me off -> don't wanna use the app (Starting to repeat myself)

@# 43

I don't want to start an open vs. close sourced discussion now. I just asked if anyone knows an open source alternative because I don't wanna write my own application. And so far I trusted google at least to put the same code in the store than they open source and if you take it this way... I shouldn't use an closed source iPhone either. So yeah. It's not 100% bulletproof but authy just does not seem to be the company for me (your milage may vary)

And we derailed enough now.

ThomasHabets commented 10 years ago

Comment #45 originally posted by ricklabanca on 2013-07-28T23:05:42.000Z:

It's hard to trust. New vendor. I removed,authy because of the login... login is not a smart idea for this protocol, which is,supposed,to be implemented as google did, stand alone. For security open source is the best way to go, no question. Scrutiny for errors is one huge reason.

ThomasHabets commented 10 years ago

Comment #46 originally posted by awfulhorse on 2013-07-28T23:08:48.000Z:

I'm just going to drop this in here

http://4sysops.com/archives/is-truecrypt-trustworthy/

ThomasHabets commented 10 years ago

Comment #47 originally posted by mvoshell on 2013-08-21T22:42:38.000Z:

I have the same issue. Once i reluanch the app the accounts are missing and all labels are gone. This app seems to have gotten lost and still has the old styling... they did the same with picasa and its on the choping block.. is google auth next?

ThomasHabets commented 10 years ago

Comment #48 originally posted by JoelDJones on 2013-08-22T13:29:16.000Z:

Same issue - if you close the Google Authenticator app from the system tray, all the codes are wiped. Installed Duo Mobile until the app is updated. Probably won't be at least until iOS 7 is rolled out for everyone though.

ThomasHabets commented 10 years ago

Comment #49 originally posted by thijsvanulden on 2013-08-29T16:04:38.000Z:

Same issue. iOS 7 iPhone 4S.

ThomasHabets commented 10 years ago

Comment #50 originally posted by simond@irrelevant.org on 2013-09-04T04:33:56.000Z:

Just wait until you install the latest update, it wiped all my accounts on iOS6...