Hi all,
I’ve tried to enable 2FA but my authenticator app of choice Authy seems to have a problem with the displayed QR-Code.
Is this “just an Authy problem” and it’ll work with other authenticators?
If so, is there any chance that it’ll get accessible for Authy users?
CMK version: 2.1.0p20
OS version: Check_MK rack1 Mark III - Version: 1.5.4
Error message from Authy-App:
“Formatt not supported -
Please try again”
Best,
Scott
Hi @xScottHein,
sorry but I can’t really follow you here. Checkmk 2.1 is supporting 2FA with the webauthn standard.
So my question is how do your even get a QR code? If I try to setup 2FA in Checkmk I can only use a webauthn capable device like my yubikey.
Or do you mean 2FA in the forum using a QR Code?
It would help if you could clarify your problem a bit more. You can even add a screenshot if you want.
Regards
Norm
Hi Norm,
let me clarify with screenshots.
Below is the path, how I get the QR-Code from out CheckMK instance.
Since we don’t use yubikey in the company we rely on apps like Authy, Google Authenticator and so on for 2FA/MFA. Whatever, is personal preference.
While trying to scan the QR-Code from the last picture, Authy shows the error message :“Format not supportet - Please try again”
I’ve also tried to use the Google Authenticator but that one doesn’t even recognized the QR-Code.
That got me thinking. Do I totally misunderstand CheckMKs 2FA system here? Or is there an error with the generated QR-Code?
I’m sorry for the confusion
Best
Scott
Hi @xScottHein,
the QR code you get there is a passkey for the WebAuthn Standard. It’s not a TOTP QR code. Authy only supports TOTP codes.
The “passkeys” you get there is a cryptographic “password”. Normally you use a hardware token for it. Here you can read more about Passkeys: Passkeys (Passkey Authentication)
That means: Authy cannot support this type of 2FA.
Hope this helps. 
Norm
Hi Norm,
now I understand! I was totally unfamiliar with how Passkeys work and that the shown QR-Code is therefore and not for TOTPs.
There would be one last question. Is it planned to implement 2FA via TOTPs?
Thank you again for your help and the explanation!
Best
Scott
Happy I was able to help. 
As far I know no. But there is already a feature request on the feature portal. You can upvote that feature if you want. https://features.checkmk.com/suggestions/305928/totp-codes-for-2fa
Regards
Norm 
Well, thank you a second time!
Best
Scott
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact an admin if you think this should be re-opened.
