![]() Using HOTP for authentication offers several advantages over traditional password-based authentication methods. It secures sensitive information and prevents identity theft in government services.Īll of the authentication apps like Google Authenticator, Microsoft Authenticator, and Authy use TOTP and HOTP methods for generating One time codes. HOTP safeguards financial transactions and prevents unwanted access to accounts in online banking. It can function as a stand-alone authentication technique or in combination with other factors such as passwords or biometrics. We are not small company and not a big one but we have 500+ customers and already have 100+ users provisioned with HOTP method so please tell us with straight words if this is fixable.Various businesses that require high security, such as online banking, government services, and healthcare, can utilize HMAC-Based OTPs. We have two separate domains with two servers and the problem is in both of them. That way we will find another product that support logging offline with less problems. If you can't or won't do anything about synching the app again to the server or not letting the problem happen just say so and don't make us use other authentication method. This is happening for around 4 months and they closed the tickets from our local support around 2 times. It is unacceptable by a manufacturer to not wanting to investigate the problem and making the customer do their job. This is forced method of bricking the app but at least i am doing something to test it. This is happening even when the phone and the used OTP is on a machine that is in the network where the server is based. I even made a video and logs how i make the app not functional with generating around 30 OTP and then the app can't be used anymore. TOTP doesn't have that problem from what i could test but we need HOTP problem fixed not switch. The response was that the app becomes out of sync until next re-enrolment and to use TOTP ("Time-based One-time Password"). We did many testing's and collected many logs requested by ESET and our problem was not solved. The last ticket i think it has number CASE_00163501. We contacted our local support and they made several tickets to main support because they were unable to help. We started troubleshooting and find out that the app had to be re-provisioned again with SMS. Please try again." This is very inconvenient and problematic for our customers. ![]() The message was "The OTP you entered could not be authenticated. It was random and they were unable to login in their homes and even when they come to the office. ![]() So we put Number of offline OTPs to be 100 and everything was good for a while.Īfter a bit of using the app started to have problems with OTP for some of our users. We were thinking that people will have 100 successful logins outside of the office and then they will have to go to the office and login there one time to restock OTP. Please use event-based (HOTP) option to use the offline mode." One of our main goals was having Two Factor Authentication outside of the office where you you login in offline mode and we chose to use HOTP (event-based OTP).Īs said in web console: "Note: Time-based (TOTP) mobile application or hard token OTPs do not work in offline mode. We already have internet security product on all of our customers and we are happy with it. Our organization chose ESET for Two Factor Authentication and it is using it and testing it for a while.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |