One Time Passwords do not work #125
Comments
|
Hello @petrsnm, unfortunately this is not the first problem of OTP non working correctly; the feature is not "completely broken" (as every time we try to replicate the problem it has always behaved correctly) but there is definitely something going wrong that we have not identified yet. The problem we have in investigating the issue is multifold:
Unfortunately, all the times we have looked into this problem, we have never been able to reliably reproduce it; and this means we have not been able to fix it. I know I have to try to investigate this issue further, but I don't know when I will be able to do it. Giulio Cesare |
|
Can you at least fully clarify how the OTP value should be typed. Should
the spaces be used? Should the dashes be used?
Also, even with OTP not working, clipperz is one of my very favorite and
most important apps. I have donated via BTC several times to show how much
I like it.
4.9 stars already. 5 stars if OTP worked.
…On Mar 1, 2018 11:28 AM, "Giulio Cesare Solaroli" ***@***.***> wrote:
Hello @petrsnm <https://github.com/petrsnm>,
unfortunately this is not the first problem of OTP non working correctly;
the feature is not "completely broken" (as every time we try to replicate
the problem it has always behaved correctly) but there is definitely
something going wrong that we have not identified yet.
The problem we have in investigating the issue is multifold:
- all data in our DB are encrypted, and so it is not very easy to make
sense of it;
- OTP content is encrypted itself, and as soon as you try to use it
(either with the right user or wrong user) its content is deleted.
Unfortunately, all the times we have looked into this problem, we have
never been able to reliably reproduce it; and this means we have not been
able to fix it.
I know I have to try to investigate this issue further, but I don't know
when I will be able to do it.
Giulio Cesare
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#125 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AF_NLcMSCJtEg_ao1rZ_kdG-ZZzBUVTmks5taCHDgaJpZM4SYjwA>
.
|
|
We have implemented OTP input validation to be as tolerant as possible; you can type in the value with or without spaces; with or without dashes; it also use and encoding that makes similar characters equivalent (zero and 'o' –both capital and lowercase– are handled the same; number one and lowercase 'L'; etc…). We had issues with "weird" hyphen characters being pasted into the OTP field causing a wrong handling of the actual value, but we should have fixed this problem already. Unfortunately there is still something that goes wrong (sometimes) that we haven't been able to put our fingers on yet. We may be getting a new computer using some of the BTC donated by our users; when the new computer will arrive the first task will be to investigate the OTP issues again. Thanks for the support. Giulio Cesare |
|
I, a new user of Clipperz, am having this same problem with OTPs. Whether I include or exclude spaces and hyphens, whether I enter the OTP manually or paste it in, and whether I press Enter or click 'login', the result is always the same: "login failed". I'm using the Brave browser with no extensions. |
|
OTPs are generally sent to your mobile phone an they expire after a few
minutes or so depending on different websites.
There is no point in storing them in you Clipperz account as they will
change every time.
you should store your passwords and any other values that wont change every
time you access the site in to Clipperz.
tip 1. Press the lock symbol without forgetting , so it will be encrypted)
tip 2. Sometimes I store the website address too, so i dont have to
remember them or search again.
Thanks,
Karthik
…On Mon, Dec 30, 2019 at 2:08 PM Jeremy Reeder ***@***.***> wrote:
I, a new user of Clipperz, am having this same problem with OTPs. Whether
I include or exclude spaces and hyphens, whether I enter the OTP manually
or paste it in, and whether I press Enter or click 'login', the result is
always the same: "login failed". I'm using the Brave browser with no
extensions.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#125?email_source=notifications&email_token=AAFVCKNKQ7TR2Q2MLVMIUJDQ3JBLNA5CNFSM4ETCHQAKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEH27HTQ#issuecomment-569766862>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAFVCKNE6CKVWFWISVNSEV3Q3JBLNANCNFSM4ETCHQAA>
.
|
|
You seem to be talking about something different, @karthikramas. You're right, of course, that it would not make sense to store time-based TOTP codes such as those generated by Google Authenticator. But the topic here is Clipperz OTP codes, which serve a different purpose. Based on the documentation, each Clipperz OTP code will work in place of the main password but will work only once. What some of us are experiencing is that Clipperz OTP codes don't work at all. |
|
Ok sorry . If I have misunderstood you. Cheer's.
…On Fri, Jan 3, 2020, 11:17 AM Jeremy Reeder ***@***.***> wrote:
You seem to be talking about something different, @karthikramas
<https://github.com/karthikramas>. You're right, of course, that it would
not make sense to store *time-based* TOTP codes such as those generated
by Google Authenticator. But the topic here is Clipperz OTP codes, which
serve a different purpose. Based on the documentation, each Clipperz OTP
code will work in place of the main password but will work only once. What
some of us are experiencing is that Clipperz OTP codes don't work at all.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#125?email_source=notifications&email_token=AAFVCKOXYR3IPBWTTVEDHO3Q35QJBA5CNFSM4ETCHQAKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEIBPOWQ#issuecomment-570619738>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAFVCKNU3FQZSGX7SV5C3ODQ35QJBANCNFSM4ETCHQAA>
.
|
application version:58e89852c32d9258ed43903e1fc929ce900eb118
For the username, I use the same account username as always. For the passcode, I use the OTP.
I've used Firefox, Internet Explorer and Chrome.
I've tried cut and pasting the OTP. I've tried with and without spaces. With and without dashes.
Error logs in the javascript console differ depending on the browser, but the end result is the same: "Login Failed".
Either I'm doing something wrong or the OTP feature is completely broken...
The text was updated successfully, but these errors were encountered: