twofactor_totp

Displays in Google Authenticator

Open copenhaus opened this issue 8 years ago • 9 comments

Hi.

When I snap the barcode with my Google Authenticator, on the bottom it displays the Federated Cloud ID.

If I were to setup/enable 2FA settings on multiple accounts on my Google Authenticator, I can't tell the differences...

Can the display of Federated Cloud ID be changed to username?

Thanks....

copenhaus avatar Feb 01 '17 18:02 copenhaus

What does your federated cloud ID look like? I chose to use it because it's pretty unique, also if you're using many NC accounts.

ChristophWurst avatar Feb 01 '17 19:02 ChristophWurst

[email protected] me, it's like going to a website using its IP address (http://88.198.160.129), instead of FQDN (http://www.nextcloud.com)...IMHO...

copenhaus avatar Feb 01 '17 21:02 copenhaus

Ouch. I guess that's not the login name you're using to log on, is it? Does your instance use LDAP as user backend? I wonder where that long username comes from …

ChristophWurst avatar Feb 01 '17 22:02 ChristophWurst

yes, my NC is integrated with Windows AD through LDAP.

copenhaus avatar Feb 01 '17 22:02 copenhaus

@blizzz any idea whether the federated cloud id should look like this when using an LDAP back end or this is caused by misconfiguration?

ChristophWurst avatar Feb 06 '17 18:02 ChristophWurst

@copenhaus As a workaround, you could switch to FreeOTP (rather than Google Auth) for your TOTP client; it allows you to rename the metadata fields on each OTP entry. Also, FreeOTP is FOSS (written by RedHat/Fedora), whereas I believe Google Auth is closed source (or what they have open-sourced is out of date), and is available on iOS and Android (one less userguide to write for your users ;-) ).

Not a permanent solution, but at least it helps. I'd be interested to see the resolution, I'm seeing the same behavior.

mddeff avatar Feb 08 '17 16:02 mddeff

> @blizzz any idea whether the federated cloud id should look like this when using an LDAP back end or this is caused by misconfiguration?

@ChristophWurst federated cloud ID is always username@server and by default usernames are created of the UUID of the LDAP record, so, yes, this looks correct.

However, I believe we have a dirty hack in place that allows you to use your loginname instead, and it will be transformed by the server… but this is very dirty, very ugly 🙊

blizzz avatar Feb 15 '17 09:02 blizzz

Labeling as enhancement because this only affects the name of the secret in your smartphone's app. The TOTP functionality should not be affected.

ChristophWurst avatar Mar 06 '17 10:03 ChristophWurst
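
The comment above says the label only names the secret in the app and does not affect the codes. This is an added example, not part of the thread and not twofactor_totp's code: it parses two `otpauth://` key URIs that differ only in their label and computes the RFC 6238 code from each. The issuer, both labels and the host `cloud.example` are constructed, and the secret is the RFC 6238 SHA-1 test key.

```python
import base64, hashlib, hmac, struct
from urllib.parse import parse_qs, quote, unquote, urlparse

# RFC 6238 test key "12345678901234567890", base32-encoded (not a real secret).
TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

def build_uri(account, secret_b32, issuer="Nextcloud"):
    """Key URI as encoded in the enrolment QR code: the label is display-only."""
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={secret_b32}&issuer={quote(issuer)}")

def parse_uri(uri):
    """Return (label, secret) from a TOTP key URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP key URI")
    params = parse_qs(u.query)
    if "secret" not in params:
        raise ValueError("key URI has no secret")
    return unquote(u.path.lstrip("/")), params["secret"][0]

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1; inputs are the secret and the time only."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def codes_for(accounts, unix_time):
    """Enrol the same secret under different labels; return [(label, code)]."""
    result = []
    for account in accounts:
        label, secret = parse_uri(build_uri(account, TEST_SECRET))
        result.append((label, totp(secret, unix_time)))
    return result

if __name__ == "__main__":
    # Constructed labels: an LDAP-UUID-style cloud ID and a login-name-style one.
    accounts = ["3f2a9c1e-0000-4000-8000-000000000000@cloud.example",
                "alice@cloud.example"]
    for label, code in codes_for(accounts, 59):
        print(f"{label:70} {code}")
```
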

When you're serious about 2FA/TOTP, use Mufri's "Authenticator Plus" (paid) app. You may change icons, label, overall look, add another security layer accessing TOTP (e.g. using Fingerprint), etc. and it can BACKUP all your secrets (complete config), so that you may reinstall on another phone. (Well, backup is important if you do NOT use a rooted phone.)

nursoda avatar Mar 07 '17 14:03 nursoda