In an era of increasing online security concerns, implementing robust authentication mechanisms is crucial. Two-Factor Authentication (2FA) provides an additional layer of security by requiring users to provide a second form of verification, typically a time-based one-time password (TOTP) or an HMAC-based one-time password (HOTP). In this blog post, we will explore how TOTP works and walk you through implementing 2FA using Golang. Think of TOTP as a time-limited password that keeps changing every few seconds. When you set up 2FA on an application, it generates a secret key that is securely shared between the application and your device. Your device uses this key, combined with the current time, to generate a unique password that remains valid for a short period, typically 30 seconds. This password is entered along with your regular username and password to complete the login process. Popular applications like Google Authenticator use TOTP.

Our organization chose ESET for Two Factor Authentication and has been using it and testing it for a while. We already have an internet security product on all of our customers and we are happy with it. One of our main goals was having Two Factor Authentication outside of the office, where you log in in offline mode, and we chose to use HOTP (event-based OTP).

As said in the web console: "Note: Time-based (TOTP) mobile application or hard token OTPs do not work in offline mode. Please use event-based (HOTP) option to use the offline mode." We were thinking that people will have 100 successful logins outside of the office and then they will have to go to the office and log in there one time to restock OTP. So we put Number of offline OTPs to be 100 and everything was good for a while.

After a bit of use the app started to have problems with OTP for some of our users. It was random and they were unable to log in at their homes and even when they came to the office. The message was "The OTP you entered could not be authenticated. Please try again." This is very inconvenient and problematic for our customers. We started troubleshooting and found out that the app had to be re-provisioned again with SMS. We contacted our local support and they made several tickets to main support because they were unable to help. The last ticket, I think, has number CASE_00163501. We did many tests and collected many logs requested by ESET and our problem was not solved. The response was that the app becomes out of sync until next re-enrolment and to use TOTP ("Time-based One-time Password"). TOTP doesn't have that problem from what I could test, but we need the HOTP problem fixed, not a switch.

I even made a video and logs of how I make the app non-functional by generating around 30 OTPs, after which the app can't be used anymore. This is happening even when the phone and the used OTP is on a machine that is in the network where the server is based. This is a forced method of bricking the app but at least I am doing something to test it. It is unacceptable for a manufacturer to not want to investigate the problem and to make the customer do their job. This has been happening for around 4 months and they closed the tickets from our local support around 2 times. If you can't or won't do anything about syncing the app again to the server or not letting the problem happen, just say so and don't make us use another authentication method. That way we will find another product that supports logging in offline with fewer problems. We have two separate domains with two servers and the problem is in both of them. We are not a small company and not a big one, but we have 500+ customers and already have 100+ users provisioned with the HOTP method, so please tell us in straight words if this is fixable.