TOTP for login in shared vault generates different tokens for individual users
My coworkers and I use 1pw vaults to share account logins for various services, including using TOTP for shared MFA.
Recently we've been having issues with the TOTP field generating incorrect tokens.
At first I thought it might be a timing issue and that the tokens were just expired.
Upon investigation, I discovered that the tokens on his machine were consistently different from the tokens on my machine.
To further complicate matters, restarting 1pw appeared to fix the issue on my coworker's machine, but shortly thereafter the tokens generated on my machine were rejected as invalid.
Any insight on what could be causing this issue and how to guarantee that TOTP in shared vaults are consistent across users machines? This problem has me concerned as we heavily rely on 1pw and the shared TOTP feature has enabled us MFA on shared accounts. If we can't be certain that the tokens are correct we will have to find a different tool to manage MFA.
Comments
-
I have found time/clock drift on the machine is often the issue in such situations. I would start by checking to see that the computers/devices clocks are the same. I would recommend checking they all connect to a good, reliable NTP server. However, there have been cases where internal clocks would drift even in new OS's, so I would also recommend checking that you're up to date on all software updates.
0
