
Cold sweat: recovery codes didn't work!

  • 5 replies
  • 2 have this problem
  • 29 views
  • Last reply by cor-el


Hi there,

I just started a seldom-used FF profile to have it synced (you lose FF sync connection if you don't log in within 2 months, I think…). I set up my account for decent security: 2FA, wrote down the recovery key and recovery codes.

As I changed the password recently (didn't re-generate said recovery strings), I expected the disconnected state, all right. So I proceed to enter my new password and, out of curiosity, decide to make as if I didn't have the 2nd factor on hand.

The Firefox Sync dialog page now asks me for a "Recovery code" that's 10 digits long. To my great surprise, none of those I saved when first setting up the account worked! I know I didn't use any of them.

Moreover, the terminology had me confused: when is a recovery key used vs. a code? Both files contain "Recovery codes" in their name; besides, a "digit" is: "1 any of the numerals from 0 to 9, especially when forming part of a number." Nowhere in Firefox Sync is a string of 10 "digits" generated: the "recovery key" is 32 characters long, in 8 sets of 4 characters, and the "recovery codes" are, as I understood it, 10 "characters" long (and there are 8 of them), numbers and letters, so not digits.

Why did none of my codes work? Would it have been necessary to generate a new set after changing the password?

All replies (5)


You use the 32 character recovery key when you reset the password to prevent losing data stored on the Sync server.

You use a 10 byte recovery code if you use 2FA and do not have access to your authenticator app to generate the 6 byte TOTP code. Note that you still need 2FA access, either via the app or via a recovery code, if you want to reset the password and use 2FA.

Was this helpful?


I think I understand despite the even more confusing usage explanation: now a digit is the same as a character is the same as a byte. However, I learnt that a character (number, letter or symbol), at least in UTF8, is represented on 8 bits, i.e. one byte, so the recovery codes consist of strings of 10 characters each, or 80 bytes, while the FF Sync server asks for 10 digits as if it were a bank card NIP.

Now the TOTP code is supposed to be 6 bytes long, i.e. 48 bits, which is correct, but still referred to by FF Sync as digits and properly describes what the user will see on his/her TOTP-generating app or token.

Confusing, isn't it?

But still, why did none of my codes work? Would it have been necessary to generate a new set after changing the password? If not, this is rather worrisome.

Was this helpful?


Byte is the same as a character in this context as only normal 8 bit ASCII is used for the recovery key and recovery codes :wink:

Was this helpful?


…Agreed but the FF sync login page refers to "digits", and "character" or "byte" are nowhere to be found.

In any case, was it necessary to re-generate recovery codes after changing password? That would defeat the purpose of recovery codes IMHO.

Was this helpful?


The TOTP code is six digits, but the recovery key and 2FA recovery codes can include alphanumeric characters as well. I don't think it is worth the time and effort to discuss how to word those character strings, but to concentrate on the issue you reported if this is still not fixed.

Was this helpful?
