Questions tagged [totp]

Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time.

TOTP is based on HOTP with a timestamp replacing the incrementing counter.

The current timestamp is turned into an integer time-counter (TC) by defining the start of an epoch (T0) and counting in units of a time interval (TI).

Wiki: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

172 questions
0 votes, 1 answer

Does Google Authenticator track user data

I'm considering an authentication option and wondered if Google accumulates user data from Google Authenticator. App side? Server side? If so, does anyone know what data this is?
MaybeWeAreAllRobots
0 votes, 0 answers

Keycloak Auth OTP SMS SPI: How to set a non form challenge

I am using a Keycloak auth SPI with SMS auth, which works fine for the browser flow. My requirement is to use it with direct access grant. Therefore I have to create a formless challenge which connects the auth session between two requests. I am…
FishingIsLife
0 votes, 0 answers

TOTP implementation with Pyotp

I am using the Pyotp module in order to generate the TOTP code for multi-factor authentication. Is there any way to understand if the URL which I generate the QR code with is scanned by the user or not?
0 votes, 1 answer

What does a PasswordChange with TOTP for Azure B2C look like?

I have an existing Azure B2C solution that uses custom policies and provides sign up / sign in via AAD, MS Account, Google and Local. I'm now adding TOTP MFA as provided by…
Reuben
0 votes, 1 answer

Time-based OTP does not work on 2 computers using PyOTP

Background: I've been working on a project that requires OTP for authentication and I've been able to get it mostly working, except for a few minor details. I've been using PyOTP to use Time-Based OTP codes sent to Google Authenticator for this. The…
user13441977
0 votes, 1 answer

How do you "reset" a user's TOTP in Twilio?

I am using Twilio's verify API for TOTP services (Authy, Google Authenticator, etc). I am trying to figure out how to handle the case where a user has lost access to their phone and cannot get past the TOTP 2FA challenge. Can I create a new Factor…
0 votes, 1 answer

expect script doesn't work on ssh session

I log in to our company server by ssh, but the server asks for my password and OTP token. Since I know my OTP secret, I can generate my OTP in my script. The prompt looks like this: $ ssh mike@relay.office.com Your password: Your token: Let's assume my…
demonguy
0 votes, 1 answer

Is there any way for an administrator to programmatically drop MFA for the user and let him register new MFA on another phone? (Azure B2C custom policies)

We have Azure B2C custom policies implemented that support TOTP Multi Factor Authentication via the MSFT Authenticator mobile app from the Azure B2C custom policy starter pack. All good, except that if the user changes or loses their mobile phone there is no way…
0 votes, 1 answer

Get TOTP status from profile at Keycloak

How can I get TOTP status (set or not) for user profile using keycloak-js or API? Tried: keycloak.loadUserProfile().then(x => {...}) // there is no any info about totp keycloak.loadUserInfo().then(x => {...}) // there is no any info about…
jincod
0 votes, 0 answers

How to add a new 2fa account without using a second device to generate the QR code

The normal 2FA authentication flow when enabling the service is to have a website where you enable 2FA, get a QR code and scan it with your TOTP app (Authy or Google Authenticator). However, how should we proceed if we don't have a second screen to…
Anton Banchev
0 votes, 1 answer

TOTP, 2FA testing in cypress without 30s wait

Normally, you get a single-use TOTP token and need to wait 30s for the next one. This is not acceptable for tests, though. Is there any way of skipping TOTP validation during testing, or maybe you guys know some solution? I am using Cypress software.
0 votes, 1 answer

Enable OTP for Federated users in Keycloak

I have an external identity provider (OpenLDAP or AD). I configured Keycloak to federate the users from the LDAP server. I'd like to enable the OTP flow for these users without importing them into Keycloak's database. Is there any way or procedure to do it?
0 votes, 1 answer

RubyGem ROTP expires before the expiry interval

I'm building an OTP and have implemented the ROTP gem. However, the behaviour of the ROTP is not what I expected it to be. For instance, when requesting a ROTP with 30secs of interval at 15:00:14, this will return you an OTP say 212321 at 15:00:30,…
Realizt30
0 votes, 1 answer

No exception thrown from Base32 after commons-codec upgrade

I have a TOTP Authenticator project which generates a six-digit one-time password using TOTP (RFC 6238). Internally it uses Base32 class from Apache Commons Codec: Base32 base32 = new Base32(); Following the commons-codec upgrade 1.14 -> 1.15, a…
Boris
0 votes, 2 answers

problem in implementing google authenticator app in c++

I am trying to implement the Google Authenticator mechanism in C++. I always get a different OTP than that of Google Authenticator. I wonder why? 1 - I searched and found that Google uses the HMAC-SHA1 algorithm, but I am suspicious because: almost all…