This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OTP from Authenticator does not work with Acclaim/Cisco/Google and intermittent with OpenWrt Forum

FormerMember
FormerMember

Hi everyone,

 

Quick question on the Authenticator module of Intercept X for Android. I noticed this back then but didn't pay much attention until today.

 

I enabled 2FA for my account in the OpenWrt forum, and I used Intercept X for my authenticator instead of Google's. When I logged in today, I noticed that the site keeps on saying I entered an incorrect code even if I made sure I typed it within the time it was valid. I waited for it to change and entered a new one then retried, but it still doesn't go through. The first three instances I tried, I was entering the new code during the first half of it's duration (I'm referring to the circle that slowly fills out as the time lapses). Since it didn't go through, I decided to wait for the duration to lapse into the second half and entered the code. By some miracle, the site took it.

 

Now the reason why I decided to ask today is because I have encountered a similar issue before with the Acclaim website by Credly as I have an account there for my digital badges. It worked for a few months then suddenly stopped working, and by that I mean the site keeps on saying the codes generated are incorrect regardless if the code's validity is within the duration or even after. I decided to ignore it at the time so I just disabled 2FA for my Acclaim account. Then after some time, I found time to move my 2FA for my Google account to Intercept X. The setup completed successfully. But when I decided to test it by logging out then logging back in, the problem happens again: keeps on saying the codes are incorrect. I had no choice but to put it back to Google Authenticator. For some reason this problem also happens in my Cisco account. When I try to set it up, it keeps on saying the QR code has something missing and I can't complete the setup. I had no choice but to use Google Authenticator for my Cisco account.  With what happened in my OpenWrt account today, I decided to ask.

 

Is there anyone else encountering this problem with the Authenticator for the sites I mentioned: Acclaim, Cisco, Google and OpenWrt? If so, can you share what you did as a workaround? Thanks in advance.



This thread was automatically locked due to age.
Parents
  • Hi  

    Would you please suggest whether Intercept X for mobile is managed by Sophos Central Mobile or Sophos Mobile on-premise or you are using the application as a free tool?

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • FormerMember
    0 FormerMember in reply to Jasmin

    Hi  

    I'm using it as a standalone app, so it's unmanaged.

  • Hi  

    Would you please confirm that your time setting of the mobile device?

    It should be set to automatic or based on the Network, not the manually set to any time zone as it might cause issues for the authenticator to provide time-based OTP authentication.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • FormerMember
    0 FormerMember in reply to Jasmin

    It's set to automatic, so it pulls the network-provided time and time zone. Authenticator works in Blur (by Abine), Microsoft, (ISC)2 and ProtonMail, which is why I am confused why it doesn't work "universally" with the four sites I have mentioned above.

  • Hi  

    Then probably, there is a compatibility issue with these websites as I can see Cisco defence Orchestrator which is responsible for multi-factor authentication only supports Symantec VIP access, Google authenticator and OneLogin OTP.

    Regards,

    Jasmin
    Community Support Engineer | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • FormerMember
    0 FormerMember in reply to Jasmin

    For Cisco, I can agree with your response. When I scanned the QR code back then, Authenticator said the QR code did not contain something it needed. I can't remember the exact message, but I think it has something to do with a part that forms the complete seed.

     

    However, I'm not sure about that as the only factor affecting it. One of the sites I mentioned where Authenticator works is in (ISC)².  This site, in the process of activating 2FA, has a step explicitly saying to select the app I will use for my two-factor. Sophos is not on the list. The options available were Google Authenticator, Authy and a third option which I can't remember (I think it was Symantec VIP). For this account, I chose Google Authenticator on the selection but in actual it was still Sophos I set up, and surprisingly it worked.

     

    Besides, your documentation explicitly mentioned Google as a site which could use it on. Yet, it does not seem to work. Any ideas on what else could be causing it?

Reply
  • FormerMember
    0 FormerMember in reply to Jasmin

    For Cisco, I can agree with your response. When I scanned the QR code back then, Authenticator said the QR code did not contain something it needed. I can't remember the exact message, but I think it has something to do with a part that forms the complete seed.

     

    However, I'm not sure about that as the only factor affecting it. One of the sites I mentioned where Authenticator works is in (ISC)².  This site, in the process of activating 2FA, has a step explicitly saying to select the app I will use for my two-factor. Sophos is not on the list. The options available were Google Authenticator, Authy and a third option which I can't remember (I think it was Symantec VIP). For this account, I chose Google Authenticator on the selection but in actual it was still Sophos I set up, and surprisingly it worked.

     

    Besides, your documentation explicitly mentioned Google as a site which could use it on. Yet, it does not seem to work. Any ideas on what else could be causing it?

Children