Two-factor auth code "not valid" while using 1password

[Matt Stevans 6]

I have a Premium account and just set up 2-factor authentication on my Evernote account. When the site displayed the QR code, I scanned it using the 1password browser extension and it auto-entered the produced code successfully. I then went to test the 2-factor auth by signing out of the Evernote website and signing back in. I entered my password successfully. Then when the site asked for the 2-factor auth code, "Enter the code displayed in your Google authenticator app," 1passworded auto-filled the code. When I pressed "Sign in" this message appeared "The code you entered is not valid" and I had to request a text code to complete login.

I see the Evernote 2-factor auth setup site says, "Set up a preferred authenticator app (optional for paid subscribers)," and a premium account is a paid account, so I hope that's not the issue.

[gazumped 12,071]

If Evernote is saying "Enter the code displayed in your Google Authenticator app" and you're responding with 1Password,  I'd suggest you need to be checking with Support to find if that's a correct response,  or 1Password to see if they operate on the same protocol as Google Auth.  I do know that these codes change pretty quickly and sometimes my valid code is no longer valid by the time I've tried to apply it...

[PinkElephant 8,819]

If 1Password is correctly initiated, the 2 factors are the same. I tried it myself, you can set up several apps with the same start data, and compare the codes. They match.

Personally I use Authy as 2FA-app. Philosophically 1Password is not a second factor, if you use it to store the passwords as well. So I tried it to find out, it worked, but I decided for a true second factor instead.

What can be the reason If a code does not work ? The factors are time sensitive (within 30 seconds plus a safety margin). If the time setting of a device is off a little, the code will be wrong. If the time zone is wrong, the code may be wrong.

Then it may be that something went wrong with the setup, so delete everything, and set it up a second time. A third option is to decide for the SMS code instead. It is a little less safe than the code generated by an app, but it is still far safer than not using a 2FA at all.

[ehrt74 240]

i use 1password for the TOTP code for Evernote and it works fine. Sometimes the code expires before i can click on the enter button 😕 Each code is only valid for 30s and is generated from a hash of the current time (in Unix time). This should make it time zone independent (with the possible exception of when you're using Windows, which treats time zones differently from every other operating system i know of)

---

btw TOTP codes are an open standard. see here, if you're interested: https://datatracker.ietf.org/doc/html/rfc6238. all apps for TOTP codes should be compatible

[Matt Stevans 6]

Thanks for insights y'all. I got it to work.

After disabling 2-factor and setting it up from scratch, I learned that 1password keeps all instances of 2-factor code, and pastes the oldest one even when a new one is setup.

Hope this helps others. Cheers!