- Products
- Network Security
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
Capture ATPMulti-engine advanced threat detection
Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
- Email Security
Email SecurityProtect against today’s advanced email threats
- Cloud Security
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
- Products
- Network Security
- Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
- Security ServicesComprehensive security for your network security solution
- Network Security ManagerModern Security Management for today’s security landscape
- Advanced Threat Protection
- Capture ATPMulti-engine advanced threat detection
- Capture Security applianceAdvanced Threat Protection for modern threat landscape
- Access Security
- Cloud Edge Secure AccessDeploy Zero-Trust Security in minutes
- Secure Mobile AccessRemote, best-in-class, secure access
- Wireless Access PointsEasy to manage, fast and secure Wi-FI
- SwitchesHigh-speed network switching for business connectivity
- Email Security
- Email SecurityProtect against today’s advanced email threats
- Cloud Security
- Cloud App SecurityVisibility and security for Cloud Apps
- Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
- Endpoint Security
- Capture ClientStop advanced threats and rollback the damage caused by malware
- Content Filtering ClientControl access to unwanted and unsecure web content
- Product Widgets
- Product Menu Right Image
- Network Security
- Solutions
- Solutions Widgets
- Solutions Image Widgets
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
- Support Widget
TOTP Authentication failure - Invalid Password for two-factor authentication using Google/Microsoft 2FA
03/26/2020 
76 People found this article helpful
25,016 Views
Description
Users might face this issue sometimes while trying to log in to the SMA/UTM to initiate either an SSL VPN client based or a web based connection. After completing the first step of authentication(LDAP or Local) the user will be presented with another window where they will be required to enter the code from their 2FA App. The second authentication method would fail in some cases due to the reason that is described in this article.
Cause
This has been observed when the appliance or the user device/App and their correct time/time zone are not in sync. TOTP is an algorithm that computes a one-time password from a shared secret key(this is done in the form of a QRCode) and the current time. Therefore, it is very important to make sure that the SMA/UTM appliances and the end user devices/Apps are set to the right time and date.
Resolution
First, as mentioned above make sure the SMA/UTM appliance is set to the right date and time. Go to the web UI, record the time, date and timezone.
You can go to either one of these websites : https://time.is/time_zones or https://www.timeanddate.com/time/map/ and you can select the timezone and set the same on the appliances accordingly. Please correct the time using NTP settings or set the time manually.
If the appliance time settings are right. Please make sure the Mobile Phone App is set to the right date and time. For example, if you use Google Authenticator:
Make sure that the time on your Google Authenticator App is correctly in sync:
On Android
1) Go to the main menu on the Google Authenticator application
2) Tap More -> Settings
3) Tap Time correction for codes
4) Tap Sync now
5) On the next screen, the application will confirm that the time has been synced, and now you should be able to use your verification codes to sign in or bind. The sync will only affect the internal time of your Google Authenticator application and will not change your device’s Date & Time settings.
On iOS
1) Go to the iPhone Settings App (your phone settings area)
2) Select General
3) Select Date & Time
4) Enable Set Automatically
5) If it is already enabled, disable it, wait a few seconds and re-enable
After that, you can use the code on Google Authenticator App or bind it again.
Related Articles
- Initial Setup Guide of SMA1000 for high security environments
- How can I get root access to SMA100
- SMB SSL-VPN: User principal name (UPN) support on SMB SSL VPN devices
Categories
- Secure Mobile Access > SMA 100 Series
- Secure Mobile Access > SMA 1000 Series
- Firewalls > NSa Series
- Firewalls > TZ Series
YES
NO