![]() Then I had a teammate look at it with me, and he realized that the codes we'd seen on our phones were showing up on my computer minutes later! It should have been obvious, but since the TOTP codes are time-based, it runs on the assumption that your clock is correct. Yesterday, there was another site I wanted to set up and when it was giving me the same issue, I spent some time on it and figured out the issue! I went down the path to trying to see if there were different standards / methods used by different TOTP apps and found the RFC you mentioned above. Thanks for this response! I know it's been a really long time, but I've just dealt with passing codes to my team from my phone for the site discussed in this post. One breach and the bad guys have the whole enchilada. ![]() I wouldn't be surprised if it's a LastPass bug.Īlso FWIW, as I'm paranoid, having the password and the MFA rolled up in one app makes me a bit queasy. Yep, TOTP used by Google, MS, Authy and friends is based on RFC 6238.įWIW, I've found LastPass tends to be flaky.
0 Comments
Leave a Reply. |