Two-Step Authentication Not Working Correctly
I got a brand new mobile device today, of course this meant that I needed to migrate all my information from one device over to the other. I disabled two-step authentication on my Firefox account so I can set it up using my new device instead, however I seem to have an issue regarding the QR code and the secret key. Scanning the QR code yields me a code that I have to copy/paste/type into the browser to activate two-step authentication, however the moment I do so it claims that the code is invalid (I double checked the code as well). I figured maybe it was just an inconsistency with compatibility between the device and the authentication application, so I went and tried setting it up on my original device, the results were the same, "invalid code". I tried the "Can't scan code" method and it yielded the same results (not to mention it used the same exact authentication code as the QR method, meaning it wasn't going to work anyways).
The authentication application I am using is the Google Authenticator, the same one that I was using for my Firefox account on my original device to begin with. I have no idea what could possibly be going on with this (it's a tad bit annoying, but hey things do happen so).
All Replies (3)
You need to scan the QR code in an authenticator app on the mobile device or in a suitable Firefox extension and to verify that this works properly yo need to enter the 6 digit TOTP code it generates on the 2FA setup page where you scanned the QR code.
The generated TOTP code is only valid for 30 seconds, so it is important that the device has the correct time and is synchronized via internet.
You can possibly compare the code as generated by a Firefox extension on desktop.
I don't know whether timezone differences or using a VPN or proxy affects how the code is compared (the website could assume local time).
cor-el said
You need to scan the QR code in an authenticator app on the mobile device or in a suitable Firefox extension and to verify that this works properly yo need to enter the 6 digit TOTP code it generates on the 2FA setup page where you scanned the QR code. The generated TOTP code is only valid for 30 seconds, so it is important that the device has the correct time and is synchronized via internet. You can possibly compare the code as generated by a Firefox extension on desktop.
cor-el said
I don't know whether timezone differences or using a VPN or proxy affects how the code is compared (the website could assume local time).
"You need to scan the QR code in an authenticator app on the mobile device..." I already explained that I am using the Google Authenticator application on my mobile device (it's listed in the list of authentication apps as seen here: https://support.mozilla.org/en-US/kb/secure-firefox-account-two-step-authentication)
"The generated TOTP code is only valid for 30 seconds, so it is important that the device has the correct time and is synchronized via internet." Both my PC and my phone use the same date, time, location, etc.
"You can possibly compare the code as generated by a Firefox extension on desktop." I'll give this a go at least to see.
"I don't know whether timezone differences or using a VPN or proxy affects how the code is compared (the website could assume local time)." I am unsure how it works, I don't use VPN so it can't be that, I'll look into other extensions however.