There are many things that can cause an incorrect code to be generated. We'll go through them here on this page.
The most common reason for an incorrect code is for the client and the server to have different time settings. This is because the code generated is based on the system time and changes every thirty seconds. Most verifying systems will only accept the current code, previous code, and the next code. If your time is off by more than 30 seconds you stand a good chance of generating codes outside of the window that will be accepted by the server.
- Check that your system time is correct. If your computer supports auto setting of the clock based on a network time server than this is a good way to ensure that everything correct.
- Check your timezone and daylight savings settings. These codes are generated using UTC. If your timezone setting is off but your time is correct for the local time then your UTC time will be off by as many hours as your timezone is off. The codes generated in this case will be completely incorrect.
- Check that your date is correct. If the time is correct but the date is off the code will still be wrong. Each 30 second increment that elapses is considered a new code window. The same code isn't generated at the same time each day but rather a new code is generated every thirty seconds.
- Be sure that the verifying system uses UTC to generate codes. The RFC that defines the TOTP standard used here recommends UTC but that doesn't mean that the verifying system uses UTC. If they don't use UTC then KeeOtp will not work since KeeOtp always uses UTC. There is a feature request to add this capability in a future version. See issue
#8to follow this request.
If you are using the Google Authenticatior smartphone app successfully there is a little test that you can do. Download the current OTP-Sharp package. Inside there should be a demonstration application that generates a QR code for the Google Authenticator app. Don't change any settings (or it may not work) and scan the QR code with your smartphone. If the code generated doesn't match what is on your phone then you likely still have a clock sync issue.
KeeOtp currently accepts keys as base32. Ensure that the key provided to you is correctly encoded as base32. The known systems that KeeOtp works with all provide the key as base32 already so no additional encoding should be needed.
It is possible however that the system provides the key in some other way. If this is the case you will need to convert it to base32 as that is currently the only way that KeeOtp accepts keys. There is a feature request for alternate encodings. See #7 to follow that request.
- Ensure that the key is encoded correctly. Look up the key encoding used by the service. Google, Amazon, and Dropbox all use base32 so no additional encoding is needed. The spaces will need to be stripped out.
- If your key is encoded using base64 or hex you will need to translate that to base32.
There are several settings that can be specified when setting up the entry in KeeOtp. In addition to the key there is a step window and a digit size.
- The most common step window is 30 seconds. KeeOtp allows alternate time steps to be specified. Be sure that if an alternate time step is specified that it is because the verifying system has specifically said that is what they use. If the time step doesn't match the server's expected time step then the code will not ever be correct. When in doubt, leave this setting at the default 30 seconds.
- Code size is another setting that can cause incorrect codes. The most common size is 6 but 8 is also allowed. Be sure that this number matches the verifying service's expectations. When in doubt leave this value at 6 as most services use a 6 digit code.
Version 1.3.0 had a problem that caused an error to occur and crash the application with an error of
"PNG images with 64bpp aren't supported by libgdiplus."
This issue has been resolved with 1.3.1. It is possible, however, that even after updating this issue still persists when using PLGX files. To resolve this issue update to the latest version and clear the plugin cache. This can be done under Tools -> Plugins.