none
Any plan to support TOTP parameters or reject unsupported parameters? RRS feed

  • Question

  • I recently scanned a totp QR code in the microsoft authenticator app since I already was using the app to authenticate at work. The generated codes, however, did not work . The QR code is correct, as scanning it in FreeOTP and using the code from that app worked fine.

    After some investigation I discovered that the QR code I had uses sha512, 6 digit, 30 second duration, while apparently, the microsoft authenticator app ignores these parameters and uses SHA1, 6 digit and 30 seconds by default. I stand to be corrected, and I am referring to this link (https://social.technet.microsoft.com/Forums/en-US/862fa575-468a-452c-b3cb-821bb054394e/does-the-microsoft-authenticator-app-support-the-digits-algorithm-and-period-fields?forum=MicrosoftAuthenticatorApp).

    I am using an Android 8 device with microsoft authenticator app version 6.3.10.

    Is there any plan to either support these algorithms or at least reject QR codes that do not match the expected parameters? It is very misleading to accept QR code to then generate wrong codes, causing confusion and wasted time troubleshooting.

    If the code is available on github I would be more than happy to contribute a pull request, but AFAIK this app is closed source.



    • Edited by brianvell Monday, December 3, 2018 10:09 AM
    Monday, December 3, 2018 10:01 AM