Geekzone login server rejects 2FA codes faster than desktop Authy generates them.

Forums › Geekzone › Geekzone login server rejects 2FA codes faster than desktop Authy generates them.

Baboon

386 posts

Ultimate Geek

#251652 4-Jul-2019 23:12

But luckily for some reason, iOS Authy generates the same codes a wee bit faster than desktop Authy. Just, and I mean _just_ barely fast enough to not have already been discarded by the Geekzone login server.

I understand the need to discard old 2FA codes, but maybe you should wait for at least a full minute, yeah? :-) This is the very first time I've ever encountered a login server this ultra-zealous with 2FA code discarding. It's kind of funny, but was also really quite annoying till I figured out what the issue was.

Anyway: FYI to the site admins!

"The surest sign that intelligent life exists elsewhere in the universe is that it has never tried to contact us."

- Calvin and Hobbes (Bill Watterson)

1 | 2 | 3

473 posts

Ultimate Geek

#2270199 4-Jul-2019 23:37

Maybe your desktop time is not accurate, MFA (OTP) relies on client and server having their times (aprox) synced, that's why the tokens are valid for 30s.

Lenovo

Shop now for Lenovo laptops and other devices (affiliate link).

Baboon

386 posts

Ultimate Geek

#2270204 4-Jul-2019 23:52

All my devices (PC, iOS, Android mobiles) here flipped over to 11:52pm just now. If they're not in sync, it's only by a few seconds. And all set their time via various time servers.

"The surest sign that intelligent life exists elsewhere in the universe is that it has never tried to contact us."

- Calvin and Hobbes (Bill Watterson)

michaelmurfy

meow
13215 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2270207 5-Jul-2019 00:22

This is normal. Mauricio and I both experienced different codes on Desktop vs Mobile preventing a login to Geekzone. Appears the Desktop app is buggy.

I've found the Google Chrome extension to be a bit better than the full-fledged Desktop app but if you're like me, and have it running for the entire time your computer has been up for (mine is currently up 48 days, 12 mins) then it gets a little out of sync. You need to fully close Authy and re-open it after about a minute to get it back in sync again.

Else, my experience shows mobile is always accurate. But compare your code on Desktop vs Mobile. If they're different then restart the Desktop client.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

Baboon

386 posts

Ultimate Geek

#2270210 5-Jul-2019 00:39

I no longer use the Authy Chrome app, but instead the standalone Windows app for Authy. I close it every time I finish copying a code, as I don't need to re-log into sites often enough at home, to make it worthwhile leaving it open.

Yet I still see about a 28 second differential between desktop Windows Authy and Android Authy on my Pixel 2, tested just now.

Anyway, surely it's not necessary to disallow codes that are less than a minute old? This is Geekzone, not the GCSB. My Geekzone needs are important, sure. I'd be the first to say so *grins* But it's not like we're discussing top secret intel, either :-)

"The surest sign that intelligent life exists elsewhere in the universe is that it has never tried to contact us."

- Calvin and Hobbes (Bill Watterson)

Jase2985

13416 posts

Uber Geek

ID Verified

Lifetime subscriber

#2270222 5-Jul-2019 05:41

Baboon: I no longer use the Authy Chrome app, but instead the standalone Windows app for Authy. I close it every time I finish copying a code, as I don't need to re-log into sites often enough at home, to make it worthwhile leaving it open.

Yet I still see about a 28 second differential between desktop Windows Authy and Android Authy on my Pixel 2, tested just now.

Anyway, surely it's not necessary to disallow codes that are less than a minute old? This is Geekzone, not the GCSB. My Geekzone needs are important, sure. I'd be the first to say so *grins* But it's not like we're discussing top secret intel, either :-)

ensure it actually closes, i wondered why my fan was ramped up on my laptop last night and checked task manager to find authy was still open and using 20% cpu.

what you suggest defeats the purpose of 2fa

Baboon

386 posts

Ultimate Geek

#2270224 5-Jul-2019 06:37

Authy Desktop is not still open according to task manager. I don't see how it could be after being closed. Perhaps you're using the Chrome App version?

And if a slightly longer time out for 2FA codes defeats 2FA, then I use 22 other services with 2FA authentication app generated codes that by your definition defeat the purpose of 2FA. As well as several others that deliver the codes other ways, and also don't time out in a crazy short time.

Seriously - if 60 seconds or even a couple of minutes is long enough for your 2FA code to be stolen, you're in an awful lot more trouble than any 2FA can ever save you from :-)

"The surest sign that intelligent life exists elsewhere in the universe is that it has never tried to contact us."

- Calvin and Hobbes (Bill Watterson)

Jase2985

13416 posts

Uber Geek

ID Verified

Lifetime subscriber

#2270610 5-Jul-2019 16:53

I just enabled 2fa on my account and im pretty sure the issue lies with the authy desktop app

i tried it with all my accounts the desktop app is about 2 seconds faster than the mobile one and will once the time runs out keep the same code for another 30 seconds, putting it about 28 seconds out so you then have a 2sec window to enter the new code as soon as it changes.

so if you check your phone time to your pc time i think you will find its different by a couple of seconds. manually go in and change the PC time to be that of the phone and then it should work fine.

time need to be in sync for it to work properly

ps i couldnt find an internet time server that would give the same time as what my phone was showing so it could actually be an issue with the mobile not having the correct time.

Baboon

386 posts

Ultimate Geek

#2270621 5-Jul-2019 17:27

Well, I just held my Android phone next to the clock in Windows. Both rolled over to the next minute at the same time.

"The surest sign that intelligent life exists elsewhere in the universe is that it has never tried to contact us."

- Calvin and Hobbes (Bill Watterson)

Jase2985

13416 posts

Uber Geek

ID Verified

Lifetime subscriber

#2270636 5-Jul-2019 18:05

and when you compare the authy app onm the phone to the PC does it change that the same/almisty the same time or is it out by a couple of seconds? if it is then one of your times isnt the same on your devices

if it is the same then i have no ideas but it fixed it for me

Baboon

386 posts

Ultimate Geek

#2270661 5-Jul-2019 18:58

As I said earlier, there is a variance of nearly 30 seconds between Desktop and Mobile Authy apps in generating the next code.

"The surest sign that intelligent life exists elsewhere in the universe is that it has never tried to contact us."

- Calvin and Hobbes (Bill Watterson)

Dratsab

3946 posts

Uber Geek

Trusted

Lifetime subscriber

#2270665 5-Jul-2019 19:06

I find Authy to be out by about 15 seconds on my phone, so if I'm logging into Geekzone from work and the countdown appears to be this time or less I simply wait for a code refresh.

Jase2985

13416 posts

Uber Geek

ID Verified

Lifetime subscriber

#2270666 5-Jul-2019 19:11

Baboon: As I said earlier, there is a variance of nearly 30 seconds between Desktop and Mobile Authy apps in generating the next code.

close both, then open both and see how much differenc there is, then i imagine when one changes to the next code the other will reload the same code again. when you load it check how much the time differs

when you say nearly 30 seconds, can you be more precise? is it 30 or is it 28, 27 or similar

Baboon

386 posts

Ultimate Geek

#2270688 5-Jul-2019 20:43

Today the differential is 31 seconds, with both apps quit and relaunched.

But again, none of this could ever, nor IME has ever been an issue for me, given only Geekzone's 2FA server discards old codes after only 30 seconds. It's simply too short to be usable.

"The surest sign that intelligent life exists elsewhere in the universe is that it has never tried to contact us."

- Calvin and Hobbes (Bill Watterson)

freitasm

BDFL - Memuneh
79131 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#2270738 5-Jul-2019 21:13

Thanks for all the comments. As mentioned this is something that I have noticed myself. I did not write the 2FA component - we use a third party Windows COM Object Server that does all the encryption, calculations, and 2FA code calculations. The software automatically discard the code and use a new one. I've mentioned this difference between mobile and desktop codes to Authy support before and they couldn't give me a definitive answer besides "logout from desktop, uninstall the software and install again".

For you folks, we keep the time updated on the server and check it every two hours. Currently using the new Cloudflare Time Services (which is also available to use on your PCs). The reason I decided to use this is because of the very low latency between our servers and the Cloudflare POP in Auckland. I also have the same NTP server configured on my desktop at home - and the Authy desktop app always calculates it wrong - 30 seconds behind, despite both my phone and desktop showing EXACTLY the same time, down to the second.

Interestingly, there are other online services I noticed this difference too, and I just end up using my mobile app.

Sorry, this is not the answer you wanted to hear.

Jase2985

13416 posts

Uber Geek

ID Verified

Lifetime subscriber

#2270740 5-Jul-2019 21:17

30 seconds is fine for millions of people on hundreds of different services that use this type of authentication. keeping the code after 30 seconds defeats the purpose of having the 30 second time limit in the first place and is not how this is suppose to work

you seem to be the only one having issues here, it looked like i was having the same issues then i worked out it was a time error between devices, reset the time on the 2 PC's and it was gone.

your symptoms seem almost identical.

+ you havent answered some of the above questions, how much different is the time remaining for the code in the desktop app vs the phone app?

1 | 2 | 3