Two Factor Authentication Issue

Question

We have an XG 135 running firmware SFOS 18.0.4 MR-4. 
 Recently we have been testing two factor authentication, with the automatically generated 30 second keys. This has been working for a few people. 
 Today we had the idea to increase the key timeout from 30 seconds to 60 seconds, and created manual keys under "Authentication / One-time password". This worked for me but one of my colleagues has reported that they can't login with it (after scanning the new QR code into the authentication app), and I see a "because of wrong credentials" error in the logs. If they use the original auto generated 30 second key it works, and if they use an emergency key it works. Another colleague does not have this issue and I see no difference between the way that they keys were created. 
 Can you please help us to troubleshoot? 
 Regards, 
 Alan

Alan Spark · Answer

Hi Yash, 
 We tried this and it was reporting either + or - 2.5 million seconds out! 
 This was using Google Authenticator (on Android) and it turns out that this is a known issue with any time step other than 30 seconds: https://support.sophos.com/support/s/article/KB-000036749?language=en_US 
 I tried with Google Authenticator on my iPhone and got an "Invalid barcode" error (even with the default 30 seconds) so I am forced to use the Sophos Authenticator app. 
 It would be good if these issues could be fixed at some point but we will use the Sophos app for now. 
 Regards, 
 Alan

Two Factor Authentication Issue

Top Replies