OTP FAIL EVERY 30 DAYS

Good morning.

I have activated the OTP on an XG 330, and every 20-30 days I have to reset the QR code as it starts to fail: people cannot connect to the VPN or access the user portal until I delete them and recreate the QR code. Once it is reconfigured on their devices, everything works correctly again for 20-30 days.
I have checked the authentication settings panel and I have not seen any expiration of the QR code.

Any idea why it can happen?

On my computers I have the "Authenticator" extension installed in Chrome to be able to use the QR code; I have not located any Sophos extension / application for browsers.

Thank you!!


  • Check the NTP service on the XG. If the XG is not in sync with NTP, the time gets out of sync and will invalidate the OTP tokens.

  • It is configured against an NTP server for both the XG and the computers. On some computers there was a 1 minute lag with respect to the XG, but there are many other computers that fail and have the same hour, minute and second as the XG.

    The XG OTP has been configured with 30 seconds.
  • Seems like the OTP delay is not synced up in your case. I do not have experience with browser add-ons, as I use OTP only on mobile phones. 2FA on the same device makes the 2FA kind of useless, as exploiting the device you are using gives access to both (password + the current valid OTP token). Therefore best practice is to use another device for 2FA, not the same one. It's like having a key chain with two keys needed to open a door: if both keys are on the same keychain, losing this keychain will give access and the second key is irrelevant.
