Dianoga Posted November 19, 2019 Report Share Posted November 19, 2019 (edited) I updated to the latest version of Enpass this morning and it appears there is an issue with TOTP generation. All my accounts that have a secret stored are now reporting "Invalid TOTP Secret". I tried disabling 2fa for one of those accounts and setting it up again with the same result. I have backup codes I can use for a very brief period, but this is a pretty significant issue. Additional info after further testing: It looks like it may not like it when there are spaces in the secret. When I tried setting it up again using the QR code and Enpass 6.2 on Android it generates codes as expected. Edited November 19, 2019 by Dianoga Did more testing Link to comment Share on other sites More sharing options...
neolidas Posted November 19, 2019 Report Share Posted November 19, 2019 Same Problem here on iOS, ipadOS and macOS "Invalid TOTP Secret" Link to comment Share on other sites More sharing options...
Ankur Gupta Posted November 19, 2019 Report Share Posted November 19, 2019 Hi guys, Sorry for the inconvenience caused to you. We are not able to reproduce the issue. Could you please create a sample TOTP URL secret for that particular website to check if that works? if it still fails, please share that sample URL so that we can investigate the issue. Thanks. Link to comment Share on other sites More sharing options...
neolidas Posted November 19, 2019 Report Share Posted November 19, 2019 i have removed the blank characters from the codes then TOTP works again 3 Link to comment Share on other sites More sharing options...
Dianoga Posted November 19, 2019 Author Report Share Posted November 19, 2019 Sample: axgz ms4t bhmp uwdh zihm mgs6 73ny co4l Works without spaces in 6.3.0 Link to comment Share on other sites More sharing options...
pos Posted November 20, 2019 Report Share Posted November 20, 2019 We have 10 users with this problem after the latest update! Bad testing procedure Enpass! 1 Link to comment Share on other sites More sharing options...
plinss Posted November 20, 2019 Report Share Posted November 20, 2019 Same issue, removing spaces from the stored secret resolves the issue. This is a regression as spaces were previously ignored. Note that many web sites and apps generate TOTP secrets with spaces in them. Having to manually remove the spaces is a pain. 1 Link to comment Share on other sites More sharing options...
scottjl Posted November 21, 2019 Report Share Posted November 21, 2019 same problem here, removing the spaces fixed the issue. VERY scary as i could have lost access to some important accounts. Enpass always ignored spaces before, it should continue to do so. why was this changed and why wasn't this caught in testing? little, but very important, mistakes like this make me very wary of upgrading in the future! 1 Link to comment Share on other sites More sharing options...
ThomasG Posted November 21, 2019 Report Share Posted November 21, 2019 On 11/19/2019 at 6:17 PM, neolidas said: i have removed the blank characters from the codes then TOTP works again This works, thank you very much! Link to comment Share on other sites More sharing options...
EnpassKing Posted November 22, 2019 Report Share Posted November 22, 2019 This has affected everyone i know who is using Enpass. Come on Devs, you can't be making mistakes like this which can potentially lock everyone out of all of their accounts. Some people have got hundreds of passwords and it could take days to resolve login issues like this, even per account to regain access. This is a really poor show! Link to comment Share on other sites More sharing options...
pos Posted November 22, 2019 Report Share Posted November 22, 2019 @Ankur Gupta As you commented in the thread and is a part of the "enpass" team.... Now after some more posts, you can see you do not need any samples as the problem is 100% clear. Please say something! How can you act so slow for such a critical incident? We could at least expect a fast reply that you are sorry for the bug and will go for a quick fix. Why this silence? Show us that you care for your customers! /Peo Link to comment Share on other sites More sharing options...
Benqer Posted November 23, 2019 Report Share Posted November 23, 2019 Same Problem here ... This error is an absolute no-go! On 11/19/2019 at 7:17 PM, neolidas said: i have removed the blank characters from the codes then TOTP works again That works, thank you! Link to comment Share on other sites More sharing options...
Pete Posted November 23, 2019 Report Share Posted November 23, 2019 On 11/19/2019 at 1:17 PM, neolidas said: i have removed the blank characters from the codes then TOTP works again Cheers m8, worked on my end. On 11/20/2019 at 11:21 AM, pos said: We have 10 users with this problem after the latest update! Bad testing procedure Enpass! 10 that submitted the error, I'm sure countless others are having the problem as well. Bad testing for sure, but it's happened before and probably won't stop here, sadly the developers don't seem very focused imo. On 11/20/2019 at 9:38 PM, scottjl said: same problem here, removing the spaces fixed the issue. VERY scary as i could have lost access to some important accounts. Enpass always ignored spaces before, it should continue to do so. why was this changed and why wasn't this caught in testing? little, but very important, mistakes like this make me very wary of upgrading in the future! Gatta setup backup codes, without them, I'd freak out. Link to comment Share on other sites More sharing options...
Mark I Posted November 24, 2019 Report Share Posted November 24, 2019 (edited) On 11/24/2019 at 2:53 AM, Pete said: Cheers m8, worked on my end. 10 that submitted the error, I'm sure countless others are having the problem as well. Bad testing for sure, but it's happened before and probably won't stop here, sadly the developers don't seem very focused imo. Gatta setup backup codes, without them, I'd freak out. Same problem for me. I reported the issue via email. At the same time it’s good to have a recovery way, so I suggest using https://github.com/moldabekov/gauth for that cases. At least it saved me. Edited November 24, 2019 by Mark I Link to comment Share on other sites More sharing options...
mbraichura Posted November 25, 2019 Report Share Posted November 25, 2019 On 11/19/2019 at 11:36 PM, Ankur Gupta said: Hi guys, Sorry for the inconvenience caused to you. We are not able to reproduce the issue. Could you please create a sample TOTP URL secret for that particular website to check if that works? if it still fails, please share that sample URL so that we can investigate the issue. Thanks. hello Ankunr it is showing invalid totp in case of Secret having Spaces Link to comment Share on other sites More sharing options...
Pratyush Sharma Posted November 25, 2019 Report Share Posted November 25, 2019 Hi All, Sorry for the trouble you are going through. We are already aware of this issue and our Dev team is working on it. Hopefully, fix will be available very soon. Till then, we will request you to please co-operate with us. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now