2FA with Authy - Issues with QR-Code format

Hi all,

I’ve tried to enable 2FA but my authenticator app of choice Authy seems to have a problem with the displayed QR-Code.
Is this “just an Authy problem” and it’ll work with other authenticators?
If so, is there any chance that it’ll get accessible for Authy users?

CMK version: 2.1.0p20
OS version: Check_MK rack1 Mark III - Version: 1.5.4

Error message from Authy-App:

“Formatt not supported -
Please try again”

Best,
Scott

Hi @xScottHein,

sorry but I can’t really follow you here. Checkmk 2.1 is supporting 2FA with the webauthn standard.
So my question is how do your even get a QR code? If I try to setup 2FA in Checkmk I can only use a webauthn capable device like my yubikey.

Or do you mean 2FA in the forum using a QR Code?

It would help if you could clarify your problem a bit more. You can even add a screenshot if you want.

Regards
Norm

Hi Norm,

let me clarify with screenshots.
Below is the path, how I get the QR-Code from out CheckMK instance.
Since we don’t use yubikey in the company we rely on apps like Authy, Google Authenticator and so on for 2FA/MFA. Whatever, is personal preference.

While trying to scan the QR-Code from the last picture, Authy shows the error message :“Format not supportet - Please try again”

I’ve also tried to use the Google Authenticator but that one doesn’t even recognized the QR-Code.
That got me thinking. Do I totally misunderstand CheckMKs 2FA system here? Or is there an error with the generated QR-Code?

I’m sorry for the confusion

Best
Scott

Hi @xScottHein,

the QR code you get there is a passkey for the WebAuthn Standard. It’s not a TOTP QR code. Authy only supports TOTP codes.

The “passkeys” you get there is a cryptographic “password”. Normally you use a hardware token for it. Here you can read more about Passkeys: Passkeys (Passkey Authentication)
That means: Authy cannot support this type of 2FA.

Hope this helps. :slight_smile:
Norm

2 Likes

Hi Norm,

now I understand! I was totally unfamiliar with how Passkeys work and that the shown QR-Code is therefore and not for TOTPs.

There would be one last question. Is it planned to implement 2FA via TOTPs?

Thank you again for your help and the explanation!

Best
Scott

Happy I was able to help. :wink:

As far I know no. But there is already a feature request on the feature portal. You can upvote that feature if you want. https://features.checkmk.com/suggestions/305928/totp-codes-for-2fa

Regards
Norm :v:

Well, thank you a second time!

Best
Scott

1 Like

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.