2FA no longer working for me at one site (two factor authentication)
For some reason Amazon is no longer accepting my two factor authentication codes from 1Password. I moved over from Authy to 1Password some time ago and it's worked fine for months, but this weekend my 1Password codes no longer work while my Authy ones still do. I can't pinpoint when it stopped working as I haven't needed it for a little while. Some browsers are marked as trusted so I don't always have to use a code, and there have also been numerous updates to the various 1Password apps in the interim since the last time I happened to need it. It looks like all my 1Password versions show the same 2FA code at the same time (Mac, iPad, iPhone) but they are no longer being accepted by Amazon. The error is
"There was a problem
The code you entered is not valid. Please try again."
Note that I just logged into my Dropbox account and my 1Password 2FA code worked just fine, so it looks like it's only this one account and not a larger thing wrong with 1Password as a whole.
My first thought was to delete the 1Password authentication from my Amazon account but it doesn't look like you can do that with individual authenticators. I didn't want to try re-adding it as that might make things worse due to having two of the same authenticators. I could completely disable 2FA at Amazon and then reenable it but that's a bit of a hassle, although I'm certainly willing to do so if needed. Just seems odd that it worked fine for months and then just stopped working a few days ago, and if didn't happen to have kept my Authy app on my iOS devices this would've been a much larger problem. Still makes me a bit nervous though to have this stop working.
Just as a totally separate issue, the support forum could maybe use a Security section. This isn't a Mac-specific issue as it happens on all my devices but there wasn't really any place better that I could find. It's not a filling-in-browsers issue as those are mostly about the extensions. I did a search to see if there was a spot for this and there are 2FA questions sprinkled all over the forum (and one time password issues as well). Just a thought, although I could certainly have missed a better place to post this.
Thanks.
1Password Version: 1Password 6 Version 6.8.1 (681006) AgileBits Store
Extension Version: 4.6.6
OS Version: macOS 10.12.6
Sync Type: subscription
Referrer: forum-search:2FA no longer working at one site (two factor authentication)
Comments
-
Hi @selgart -- I'm sorry to hear you're having trouble with your Amazon TOTP codes. Can I ask: do you perhaps have one or more spaces in your TOTP code migrated from Authy? We're currently chasing a bug with this issue, so since this is happening for you at only one site, I'm taking a shot in the dark and wondering if perhaps that's the issue?
0 -
Suffering the same problem with Amazon AWS and no other sites. Have to enter two codes to re-sync after a day or two. Just installed authy again and immediately notice that 1password is already 2 seconds ahead of authy on code change and countdown.
0 -
HI @sublocale -- sorry to hear you're having this difficulty with your Amazon AWS 2SV code. We're chasing a bug with this, as I mentioned to selgart -- but I'm wondering if you can shut off 2SV at AWS temporarily and then turn it back on? Sometimes, it has to do with characters contained in the code itself. I can't promise that will work, but it's worth a shot. Let us know how that goes for you.
0 -
I did that after reading the first post and used the camera to rescan the code in both authy and 1p. 1p is now a full three seconds ahead.
0 -
@sublocale -- I'm afraid I don't have anything useful to tell you at this point, other than that we're aware of the issue and working on a solution. I'd recommend for the time being that you use an alternate method of 2SV for Amazon AWS. Sorry we couldn't be of more immediate help!
0 -
Thanks
0 -
@sublocale -- you're quite welcome. Keep an eye on updates, that's where you'll see a fix (and in beta first, if you're up for that). Cheers!
0 -
Any updates on this annoying issue? I have lots and lots of 2-factor fields in 1Password and they all work great, except Amazon. I set it up and it tends to work for a few weeks, and then dies. If I remove it from Amazon and set it up again, it works for a while again and then suddenly stops. It's maddening. :-(
0 -
@jacobgraf - I'm sorry for the inconvenience. Can you tell me what version of macOS, of 1Password, and of 1Password extension you're using (as well as what browser(s))? Thanks.
0 -
I've already gone over this in previous tickets, the problem is obviously with something specific to 1Password and Amazon and not my specific system, but here it is again.
macOS Mojave 10.14.1
1Password 7.2.1 (70201002)
1Password Extension 4.7.3.90
Chrome 70.0.3538.77 (Official Build) (64-bit)It's worth noting, it happens across all browser and all devices so again, it is an issue with the 2-factor token stored in the 1Password entry. Most likely it's something to do with the time sync between 1Password and Amazon servers. ¯_(ツ)_/¯
All I know is that it's annoying and I constantly have to fallback to SMS for Amazon tokens which is a pain once you get used to having them built right into 1Password.
0 -
@jacobgraf: I don't know what you mean by "previous tickets". I don't see any other posts from you related to this. If there's some additional context I should be looking at, please direct me to it.
To be clear, 1Password does not have a "time sync", so the issue would either be with Amazon's server (astronomically unlikely, or millions more would be having the same problem) or with your device's date/time/zone settings. This is most common on Wi-Fi-only devices, but I've seen it on others as well. Set it manually if you have to, according to the atomic clock:
That seems to still work here. Very few things these days have an accurate timekeeping mechanism these days (your phone won't have quartz in it), and it can drift due to that and electrical variance over time -- which seems to be what you're describing here:
I set it up and it tends to work for a few weeks, and then dies.
1Password does not have an analog mechanism that will deteriorate over time, and it does not handle that itself anyway.
0 -
Here is the previous ticket ID #USS-54188-557
I am on a Mac with time auto-synced to Apple's NTP server.
I realize the time doesn't deteriorate, but I find it weird that if I set it up, it works for a while and then eventually stops working.
0 -
Here is the previous ticket ID #USS-54188-557
@jacobgraf: Thanks! I don't see anything relevant there though. Greig asked you for some additional information over a year ago and never heard back from you.
I am on a Mac with time auto-synced to Apple's NTP server.
Right. Your Mac doesn't have a cellular connection, which can help with time sync, so it relies on occasional checks over Wi-Fi or Ethernet. Please set the correct time manually, as I suggested above, the next time you encounter the issue, and let me know if that helps.
I realize the time doesn't deteriorate, but I find it weird that if I set it up, it works for a while and then eventually stops working.
Gotcha. Thanks for clarifying.
ref: USS-54188-557
0 -
Hello. I hate to re-open a stale topic, but since there's no resolution to this one and I'm experiencing it as well, I was hoping to see if there is an update. Today I re-synced my 2FA with amazon for the third time in as many months.
Giving you my version info even though it seems like a time thing.
macOS 10.14.5
1Password 7
Version 7.3 (70300020)
iOS Version 7.3.1
Safari 12.1.1On my end, I'm going to sync a pair of 2FAs (google's authenticator and 1pw) with the same page on Amazon and see if I can observe a drift.
0 -
@caesararum: It's not something there can be a resolution for on our end, since, as mentioned above, TOTP (Time-based One-Time Password) depends on your device date/time/zone settings for the code being generated to be valid. 1Password doesn't "sync" these codes; it simply takes your saved TOTP secret in the Login (which does not change) and uses the TOTP algorithm to transform that into a code you can use. I'd recommend setting your time manually on devices just to be sure if you've been having trouble with this: https://time.is
0
