搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

Cold sweat: recovery codes didn't work!

  • 5 个回答
  • 2 人有此问题
  • 1 次查看
  • 最后回复者为 cor-el

more options

Hi there,

I just started a seldom-used FF profile to have it synced (you lose FF sync connection if you don't log in within 2 months, I think…). I set up my account for decent security: 2FA, wrote down the recovery key and recovery codes.

As I changed the password recently (didn't re-generate said recovery strings), I expected the disconnected state, all right. So I proceed on entering my new password, and out of curiosity, decide to make as if I didn't have the 2nd factor on hand

The Firefox Sync dialog page now asks me for a "Recovery code" that's 10 digits long. To my great surprise, none of those I saved when first setting up the account worked! I know I didn't use any of them.

More, the terminology had me confused: when is a recovery key used vs. code? Both files contain "Recovery codes" in their name, besides, a "digit" is: "1 any of the numerals from 0 to 9, especially when forming part of a number." Nowhere in Firefox Sync a string of 10 "digits" generated: the "recovery key" is 32 character long, in 8 sets of 4 characters, and the "recovery codes", as I understood it, 10 "character" long (and there are 8 of them), number and letters, so not digits.

Why none of my codes worked? Would have it been necessary to generate a new set after changing password?

Hi there, I just started a seldom-used FF profile to have it synced (you lose FF sync connection if you don't log in within 2 months, I think…). I set up my account for decent security: 2FA, wrote down the recovery '''''key''''' and recovery '''''codes'''''. As I changed the password recently (didn't re-generate said recovery strings), I expected the disconnected state, all right. So I proceed on entering my new password, and out of curiosity, decide to make as if I didn't have the 2nd factor on hand The Firefox Sync dialog page now asks me for a "Recovery code" that's 10 ''digits'' long. To my great surprise, none of those I saved when first setting up the account worked! I know I didn't use any of them. More, the terminology had me confused: when is a recovery '''''key''''' used vs. '''''code'''''? Both files contain "Recovery codes" in their name, besides, a "digit" is: "1 any of the numerals from 0 to 9, especially when forming part of a number." Nowhere in Firefox Sync a string of 10 "digits" generated: the "recovery key" is 32 character long, in 8 sets of 4 characters, and the "recovery codes", as I understood it, 10 "character" long (and there are 8 of them), number '''and''' letters, so not digits. Why none of my codes worked? Would have it been necessary to generate a new set after changing password?

所有回复 (5)

more options

You use the 32 character recovery key when you reset the password to prevent losing data stored on the Sync server.

You use a 10 byte recovery code if you use 2FA and do not have access to your authenticator app to generate the 6 byte TOTP code. Note that you still need 2FA access, either via the app or via a recovery code, if you want to reset the password and use 2FA.

more options

I think I understand despite the even more confusing usage explanation: now a digit is the same as a character is the same as a byte. However i learnt that a character (number, letter or symbol), at least in UTF8, is represented on 8 bits i.e. one byte, so the recovery codes consists of strings of 10 characters each, or 80 bytes, while FF Sync server asks for 10 digits as if it were a bank card NIP.

Now the TOTP code is supposed to be 6 bytes long, i.e. 48 bits, which is correct, but still referred to by FF Sync as digits and properly describes what the user will see on his/her TOTP-generating app or token.

Confusing, isn't it?

But still, why none of my codes worked? Would have it been necessary to generate a new set after changing password? If not, this is rather worrisome.

more options

Byte is the same as a character in this context as only normal 8 bit ASCII is used for the recovery key and recovery codes :wink:

more options

…Agreed but the FF sync login page refers to "digits", and "character" or "byte" are nowhere to be found.

In any case, was it necessary to re-generate recovery codes after changing password? That would defeat the purpose of recovery codes IMHO.

more options

The TOTP code is six digits, but the recovery key and 2FA recovery codes can include alphanumeric characters as well. I don't think it is worth the time and effort to discuss how to word those character strings, but to concentrate on the issue you reported if this is still not fixed.