Yubico Forum

Hi,

I am trying to get familiar with my Yubikey NEO and right now I am having trouble understanding the TOTP authentication and getting it to work completely.

On one side I use the Yubico Authenticator for Android Version 1.0.3 (from F-Droid). These codes are working fine. On the Desktop side I installed the Yubico Authenticator Version 2.3.0 from Debian testing (with ykpers 1.17.2). These codes are not accepted and when I switch during the time period and compare the codes, I see that they are actually different!
It does not make any difference where I add the credential, this is on both sides working fine. But only the codes on the Android app are working, regardless where I added the credential. Why is this the case?
[Edit: This is solved: The system time was off by a few minutes. Thanks for the answer brendanhoar.]

Apart from this unfortunately the documentation is not very good, meaning many questions are left unanswered:

What does it mean to read the codes from slot 1 or slot 2? Are the same slots meant you can setup with the YubiKey Personalization Tool? If so what effect does it have because it seems I can save credentials for TOTP and HOTP with the Authenticator even if I do not have OATH-HOTP written to any (Personalization Tool) slot. Finally in the manpage I found a hint, that if I deactivate the (Authenticator) slots, the "main applet" is used instead. What reason could I have to store a credential in a slot then?

Well, this is it for now. Thanks in advance!

Part of the steps to generate a TOTP code involve sending the local time from the computer or phone to the yubikey.

Is the computer set to sync the hardware time via NTP? Contemporary smartphones should be doing this already, which is why they should always work.

B

Now I am feeling bad. That was it of course. ntpdate was not running for some reason and the time was off by a few minutes.
Thanks for the hint.

Nevertheless, I am still curious about the other questions.

The slot functionality is really only for YubiKeys which don't have the more advanced OATH "applet", such as the old standard YubiKey, or YubiKey Edge. The slots are the same ones as can be programmed with the YubiKey Personalization Tool. When available (YubiKey Neo and YubiKey4), the recommendation is to use the advanced OATH functionality instead.