TOTP goes haywire on Gandi and Microsoft services.

Governa
Governa
Community Member
edited February 2015 in iOS

I ended up locked out in Gandi.net and my Outlook.com email due to the fact that the TOTP key generated by 1Password for iOS was not the correct one.

It was suggested by Gandi support that I try running 1Password TOTP generator and Google Authenticator in parallel to check if they both generate the same key at the same time. I set them up as suggested and all was fine for 24h. After that period 1Password started generating a key completely different from Google Authenticator, being the last one the correct one.

I've had this happen with only 2 services: Gandi.net and Outlook.com. The remaining services (Google, Tumblr, too many to mention) are still working fine but those 2 will sooner or later go haywire on 1Password.

What could be happening? This is quite serious as I had to go through a very long phone authentication session with Gandi in order to assure them I was the account owner. For the time being I have stopped using 1Password's TOTP until this matter is clarified.

I'm running 1Password 5.2 (502015) for iOS and, if relevant, 1Password 5.1 (510027) for OS X (Mac App Store version). I am aware TOTP doesn't work under OS X, I'm just mentioning it in case it's indirectly playing some part in this problem.

Comments

  • Good morning, @Governa. Thanks for taking the time to write in. I'm sorry for the trouble you ran into with our new TOTP feature. After shipping version 5.2 we did discover a bug in our TOTP implementation where, if a TOTP secret included non-alphanumeric characters (such as spaces) it wouldn't generate the correct one-time password.

    We have submitted version 5.2.1 to the App Store with a fix for this problem, but in the mean time you can check the secret saved for Gandi.net and Outlook.com and make sure it contains only numbers and letters.

    Let me know if that solves the problem for you and if there's anything else we can do for you.

This discussion has been closed.