-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
TOTP Authentication failure - Invalid Password for two-factor authentication using Google/Microsoft 2FA
03/26/2020 
112 People found this article helpful
497,999 Views
Description
Users might face this issue sometimes while trying to log in to the SMA/UTM to initiate either an SSL VPN client based or a web based connection. After completing the first step of authentication(LDAP or Local) the user will be presented with another window where they will be required to enter the code from their 2FA App. The second authentication method would fail in some cases due to the reason that is described in this article.
Cause
This has been observed when the appliance or the user device/App and their correct time/time zone are not in sync. TOTP is an algorithm that computes a one-time password from a shared secret key(this is done in the form of a QRCode) and the current time. Therefore, it is very important to make sure that the SMA/UTM appliances and the end user devices/Apps are set to the right time and date.
Resolution
First, as mentioned above make sure the SMA/UTM appliance is set to the right date and time. Go to the web UI, record the time, date and timezone.
You can go to either one of these websites : https://time.is/time_zones or https://www.timeanddate.com/time/map/ and you can select the timezone and set the same on the appliances accordingly. Please correct the time using NTP settings or set the time manually.
If the appliance time settings are right. Please make sure the Mobile Phone App is set to the right date and time. For example, if you use Google Authenticator:
Make sure that the time on your Google Authenticator App is correctly in sync:
On Android
1) Go to the main menu on the Google Authenticator application
2) Tap More -> Settings
3) Tap Time correction for codes
4) Tap Sync now
5) On the next screen, the application will confirm that the time has been synced, and now you should be able to use your verification codes to sign in or bind. The sync will only affect the internal time of your Google Authenticator application and will not change your device’s Date & Time settings.
On iOS
1) Go to the iPhone Settings App (your phone settings area)
2) Select General
3) Select Date & Time
4) Enable Set Automatically
5) If it is already enabled, disable it, wait a few seconds and re-enable
After that, you can use the code on Google Authenticator App or bind it again.
Related Articles
- How to download Client Installation package and the access agents from the appliance using WinSCP
- SMA 1000: How to update Advanced EPC Signatures to the Latest Version
- If OTP is enabled, NX disconnects after SMA100 Connect Agent installation
Categories
- Secure Mobile Access > SMA 100 Series
- Secure Mobile Access > SMA 1000 Series
- Firewalls > NSa Series
- Firewalls > TZ Series
YES
NO