authenticator icon indicating copy to clipboard operation
authenticator copied to clipboard
verified publisher icon Rayquaza01

wrong code generated: Newegg.com

Open apiontek opened this issue 8 years ago • 5 comments

I'm trying to add Newegg.com but it generates incorrect codes. I have many other sites added and they're all generating correctly except for Newegg.com, the 20th site I've added.

Correct Newegg codes are generated on my phone by FreeOTP (Android), and in Google Chrome by the "Authenticator" extension by sneezry.com.

Both were scanned via QR code rather than entering manually, but when I export my keys from the Chrome extension, it reports the same "secret" that Newegg provides for manual entry, which isn't working on this firefox extension.

I added Github after Newegg, in slot 21, and it's wroking fine. It's only Newegg that's generating incorrectly.

I'm not sure how to grab any useful debug information but I'm happy to try!

apiontek avatar Nov 19 '17 21:11 apiontek

Newegg code is only 15 chars long, could that be the issue?

apiontek avatar Nov 20 '17 16:11 apiontek

I wasn't able to reproduce the issue myself, but the secret I got from New Egg was 18 characters long.

Make sure you didn't accidentally cut a few characters off your paste.

Rayquaza01 avatar Nov 20 '17 22:11 Rayquaza01

How odd. If I count the spaces, it's 18 characters, but I've tried it in the extension both with spaces and without and got the same wrong codes both times.

I tried to disable & re-enable 2fa on their site but it keeps giving me the same secret, I can't find a way to make it regenerate a new secret. Maybe I'll contact their tech support, but it's odd that it's working in other totp code generators.

It's even working on https://github.com/WhyNotHugo/totp-cli though I needed to add an "=" at the end of the secret to pad its length to a multiple of eight. I tried that in the extension and it didn't work.

apiontek avatar Nov 20 '17 23:11 apiontek

My account gave 18 characters without spaces. Spaces are actually invalid characters in secret keys, so they get stripped out before generating the code. They're just there to make it easier to type out. I think it's strange that New Egg doesn't seem to provide a way to change secret keys.

One last thing you could try before contacting support to change your secret is reporting the issue to https://github.com/yeojz/otplib, which is the library I'm using to generate the codes. Though, I'm not sure how useful that would be since I wasn't able to reproduce it with a new account.

Rayquaza01 avatar Nov 21 '17 00:11 Rayquaza01

@apiontek @Rayquaza01 Closed ?

Max1Truc avatar Apr 22 '18 15:04 Max1Truc