Google 2FA - NitroKey Pro

gregory 2017-06-04 18:12:08 UTC #1

Hi,

I recently bought a NitroKey Pro and wanted to enable it with Google's 2FA.

I logged into myaccount.google.com and chose the "Google Authenticator" option. Instead of scanning the bar-code, I copied the base32 secret code provided.

Then from the Nitrokey tray app, I created a new slot for Google and pasted in the secret code. You can see the settings I've configured in the screenshot below.

After creating this new TOTP, I used the Nitrokey app to generate a verification code.

However, when I go to paste it into the browser window, Google rejects the 6-digit code generated by Nitrokey.

Any help would be appreciated,

Thank you,

Gregory

karthanistyr 2017-06-04 21:18:17 UTC #2

Check your system's clock is rigorously accurate. Sometimes, a slight difference late or early can impair the OTP creation.

I also found that it happened to me and that removing the device from the USB port and plugging it back in helped.

gregory 2017-06-04 21:51:55 UTC #3

Hi,

Thanks for your reply. I've double-checked the time settings for my system clock. It's completely accurate.

I should mention that I already have TOTP setup for other services, including Digital Ocean, ProtonMail and GitHub; using the very same Nitrokey I should add. It's only Google that's been giving me bother.

I unplugged the Nitrokey after creating the new TOTP slot and plugged it back in. To no avail unfortunately.

I'm sure my OTP Slot Configuration options are correct.

Manage Slots: TOTP
Input Format: Base 32
Parameters:
- TOTP Interval: 30 seconds
- TOTP Length: 6 digits
Token ID: none

Below is the pop-up box from Google Account. It displays a secret code of 32 characters in length with spaces. I make sure to copy this without any trailing whitespace.

I also tried HOTP but that didn't work for Google either...

germano 2017-06-07 15:40:57 UTC #4

I managed to use Nitrokey Pro with Google 2FA. I installed Google Authenticator on my Android phone, then in Google (web) dashboard I copied the base32 secret code provided and I entered it into Google Authenticator. I have also entered that password into the Nitrokey Pro OTP slot, with same options of you screenshot.
Once I entered the password into Google Authenticator, it returned me back a passnumber that I inserted into the webpage once I pressed continue (don't remember the exact word).
Now I am able to use codes generated by Nitrokey Pro, instead of using Google Authenticator application

jan 2017-06-26 15:16:59 UTC #5

@gregory Did you solve this issue?

Gregory_Kelleher 2017-07-07 20:54:07 UTC #6

No, unfortunately I did not.

jonf3n 2017-08-29 14:12:37 UTC #7

The answer from @germano vaguely suggests that maybe you need to use a code generated by Authenticator initially, then you can use NK generated codes.

I was just about to recommend using FIDO U2F instead (much more secure), but discovered that the Nitrokey Pro does not support this!? Disappointing.

nitroalex 2017-09-15 12:24:00 UTC #8

Hello,

now I finally managed to give it a try as well. I normally do not use google…

That is what I did, except that there is no need to remove the whitespaces as they got copied without them anyway. So I pasted the code in a free OTP slot and was able to authenticate with it from then on.

So it is basically

Go to https://myaccount.google.com/security#signin
Click “2-Step Verification” on the right side
Choose Authenticator App as second step (though you won’t need the App itsel)
Choose Android -> press on “Cant scan it” below the qrcode to see the key
Copy key (whitespaces do not matter) and copy into the field in the nitrokeyapp
Click “Next” and follow instructions (but you use nitrokeyapp and not authenticator app to generate keys)

To be honest I have no idea what is going wrong for @Gregory_Kelleher … I am sorry.

Kind regards
Alex

szszszsz 2017-09-18 10:42:32 UTC #9

Hi @Gregory_Kelleher !

You have not mentioned your environment details. What is your Nitrokey App version and the OS?
Is it possible that Google calculates the TOTP code for different time-zone than you are at the moment? (just a blind guess; TOTP uses UTC time as a rule, App does it too)
Could you verify with another TOTP app (desktop or android) that the same code is produced as with Nitrokey App?