PIA VPN and OTP not working past initial sync

Options
gantbd
gantbd
Community Member
edited August 2019 in 1Password in the Browser

Good morning!

Wanted to report that I am having issues using the MFA software token with PIA VPN.

Relevant bits:

  • MacOS 10.14.5
  • Safari 12.1.1
  • 1Password 7.3.1 (Mac App Store version)
  • Safari Extension 7.3.1
  • 1Password sync (not iCloud)

Steps to Reproduce (assumes no MFA setup):

  • login to https://www.privateinternetaccess.com
  • from profile page, enter password and click button to enable MFA
  • select scan QR code and scan
  • enter 1Password generated OTP to sync software token
  • software token is confirmed in PIA
  • software token is saved in 1Password
  • restore codes are saved in 1Password (notes field)
  • logout
  • login using 1Password
  • enter clipboard copied OTP at prompt

Expected Results:

  • successful login using 1Password managed MFA for OTP

Observed Results:

  • software generated OTP does not work
  • restore codes will grant access

Have repeated the above several times with no avail.

1Password Version: 7.3.1
Extension Version: 7.3.1
OS Version: MacOS 10.14.5
Sync Type: 1Password

Comments

  • littlebobbytables
    littlebobbytables
    1Password Alumni
    Options

    Greetings @gantbd,

    When you're setting up 2FA, after you've scanned the QR code and saved does the site require a current 2FA code before it finally enables 2FA? Sites I have any experience with do but I can't figure out how you can reach the point where you immediately need a rescue/restore code if it worked only moments earlier.

    What I would recommend doing is check the system clock. 2FA relies on an accurate system clock and if it's out by even a few seconds it can throw things off. By default most computers should be syncing to a time server so I find disabling and re-enabling will ensure the time is correct. Does that make any difference?

  • gantbd
    gantbd
    Community Member
    Options

    Thanks for the response @littlebobbytables - time is managed by whatever variant of NTP that Apple uses.

    Did not try to reproduce above error, so cannot positively confirm it was clock drift, but I can at least confirm that the service has been bounced and OTP generation seems to be working again. Curiously, it was only with this login that I was having troubles earlier - did check a few others since I migrated everything off of 2STP at the same time, and wanted to sanity check the rest. Considering this sorted out, and now I have a trick in the bag to try should this come up again.

    Thanks!

  • ag_ana
    ag_ana
    1Password Alumni
    Options

    On behalf of littlebobbytables, you are welcome! I am glad to hear that everything is working as expected again :)

    If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

This discussion has been closed.