There is a possible bug with 2FAS when an app generates a OTP code using a value other than 30 (such as 45 for example) for the time-step value with the SHA1 algorithm, 2FAS fails to scan the QR code and shows a message "This code is incorrect or not supported. Try again.".
While testing other OTP apps, they do not appear to have this issue and can support a time-step value other than 30 seconds.
Solution
No response
Additional context
No response
Acknowledgements
[X] This issue is not a duplicate of an existing bug report.
[X] I understand that security vulnerabilities should be reported to security@2fas.com instead of on GitHub.
[X] I have chosen an appropriate title.
[X] All requested information has been provided properly.
@hoptodesk That's intentional. We're not planning to support other periods. For now at least. They're very rare and we would need to redone some parts of the app like e.g. widgets, which rely on 10s steps.
Bug type
Error at runtime
App version
5.3.5
Device environment
iOS 17.4.1, iPhone 15
Bug description
There is a possible bug with 2FAS when an app generates a OTP code using a value other than 30 (such as 45 for example) for the time-step value with the SHA1 algorithm, 2FAS fails to scan the QR code and shows a message "This code is incorrect or not supported. Try again.".
While testing other OTP apps, they do not appear to have this issue and can support a time-step value other than 30 seconds.
Solution
No response
Additional context
No response
Acknowledgements