Google 2FA - NitroKey Pro

Hi,

I recently bought a NitroKey Pro and wanted to enable it with Google’s 2FA.

I logged into myaccount.google.com and chose the “Google Authenticator” option. Instead of scanning the bar-code, I copied the base32 secret code provided.

Then from the Nitrokey tray app, I created a new slot for Google and pasted in the secret code. You can see the settings I’ve configured in the screenshot below.

After creating this new TOTP, I used the Nitrokey app to generate a verification code.

However, when I go to paste it into the browser window, Google rejects the 6-digit code generated by Nitrokey.

Any help would be appreciated,

Thank you,

Gregory

Check your system’s clock is rigorously accurate. Sometimes, a slight difference late or early can impair the OTP creation.

I also found that it happened to me and that removing the device from the USB port and plugging it back in helped.

Hi,

Thanks for your reply. I’ve double-checked the time settings for my system clock. It’s completely accurate.

I should mention that I already have TOTP setup for other services, including Digital Ocean, ProtonMail and GitHub; using the very same Nitrokey I should add. It’s only Google that’s been giving me bother.

I unplugged the Nitrokey after creating the new TOTP slot and plugged it back in. To no avail unfortunately.

I’m sure my OTP Slot Configuration options are correct.

  • Manage Slots: TOTP
  • Input Format: Base 32
  • Parameters:
    - TOTP Interval: 30 seconds
    - TOTP Length: 6 digits
  • Token ID: none

Below is the pop-up box from Google Account. It displays a secret code of 32 characters in length with spaces. I make sure to copy this without any trailing whitespace.

I also tried HOTP but that didn’t work for Google either…

I managed to use Nitrokey Pro with Google 2FA. I installed Google Authenticator on my Android phone, then in Google (web) dashboard I copied the base32 secret code provided and I entered it into Google Authenticator. I have also entered that password into the Nitrokey Pro OTP slot, with same options of you screenshot.
Once I entered the password into Google Authenticator, it returned me back a passnumber that I inserted into the webpage once I pressed continue (don’t remember the exact word).
Now I am able to use codes generated by Nitrokey Pro, instead of using Google Authenticator application

@gregory Did you solve this issue?

No, unfortunately I did not.

The answer from @germano vaguely suggests that maybe you need to use a code generated by Authenticator initially, then you can use NK generated codes.

I was just about to recommend using FIDO U2F instead (much more secure), but discovered that the Nitrokey Pro does not support this!? Disappointing.

Hello,

now I finally managed to give it a try as well. I normally do not use google…

That is what I did, except that there is no need to remove the whitespaces as they got copied without them anyway. So I pasted the code in a free OTP slot and was able to authenticate with it from then on.

So it is basically

  • Go to https://myaccount.google.com/security#signin
  • Click “2-Step Verification” on the right side
  • Choose Authenticator App as second step (though you won’t need the App itsel)
  • Choose Android -> press on “Cant scan it” below the qrcode to see the key
  • Copy key (whitespaces do not matter) and copy into the field in the nitrokeyapp
  • Click “Next” and follow instructions (but you use nitrokeyapp and not authenticator app to generate keys)

To be honest I have no idea what is going wrong for @Gregory_Kelleher … I am sorry.

Kind regards
Alex

1 Like

Hi @Gregory_Kelleher !

  1. You have not mentioned your environment details. What is your Nitrokey App version and the OS?
  2. Is it possible that Google calculates the TOTP code for different time-zone than you are at the moment? (just a blind guess; TOTP uses UTC time as a rule, App does it too)
  3. Could you verify with another TOTP app (desktop or android) that the same code is produced as with Nitrokey App?

My friends! Is this still possible?!!! Can you still get this base32 code on google? All i see is an applet and that you need to buy a google key? I can pay you if you can show me step-by-step on how to get 2fa on youtube. Just the base32 code!!! Manually! Thanks!!!

How and where do i find the base32 secret code for youtube or google ??? So i can set up the nitrokey? Am i blind? I can’t find it…

Cannot reproduce this without deactivating my Google Authenticator. It is possible that they stopped showing you the code in their UI.

However, as the process requires you to scan the QR Code with your phone, you will always be able to use a QR Code Reader to display the secret code.

You should obviously trust the creator of the QR Code Reader program and the program should be offline useable.

Can you see the QR code or the base32 code?
Or have they removed that all together and having an applet now of annoyance instead? Maybe tied to an google key with closed code?
Or can you see the code, and i’m looking at the wrong places?

Where, or how can i find the base32, 2fa code on youtube or google? I will pay someone to tell me!!! Thanks!
Do they even show an QR code? You are right that you could read that one and get a code as a last try… If that is the case… Google is not making it easy for people! They can start asking for money for 2fa and getting a code instead of buying their keys. This is so lame. “Thanks” for not caring about others security google.
Do you need phone sms verification first, then the code shows or what? can someone see the code? How and where? This has annoyed me hard for months now.

Is it me or google? Why can’t they just show the code?!
“I’m google. Wanna set up 2fa? Ok here is the code for DIY people. OR… Here is another option with our applet and google keys with closed source code.”
That would had been easy. If it’s just me. What am i doing wrong?

OK! So they did block an option before you enable phone 2fa then. Ok. Doh on that one…