HOTP resync after device reset
After a phone wipe, my authenticator got restored from backup, but the HOTP token clearly lost its place. Now every code is rejected even though the seed is the same. The server counter is higher than the app's reported value. I can rotate tokens, but I’d rather resync without forcing all users through re-enrollment. What’s a safe, simple process to realign counters and confirm everything without weakening security?

Comments
Practical path forward: add a controlled resync routine where the user is asked for two or three consecutive codes; the backend scans a small forward window to find the first match, then confirms the next in sequence to prevent guessing. Advance the server counter to the confirmed match and log the delta for audit. Keep strict rate limits and short lockouts so attackers can’t probe endlessly. For verification during troubleshooting (without poking production), use a dedicated tool like this hotp generator to step through expected codes and ensure your server logic advances exactly once per success. Document this flow for support so resets don’t trigger full token rotation unless the seed is actually compromised.
Following this thread, the two-code resync was the lifesaver in our small org. Support could realign people after device restores in under a minute, and we didn’t have to issue new secrets. Logging the counter jump also helped us spot when someone had been generating lots of unused codes, so we could offer quick coaching. Keeping the resync window tight and attempts limited made it feel safe while still being practical.