IBM Security Z Security

  • 1.  Using MFA on z/OS - problems with external bits.

    IBM Champion
    Posted Sun January 07, 2024 12:08 PM

    I'm trying to get MFA (2.2) on z/OS working (on zPDT).
    If I use the IBM Security Verify app, it works. If I use the Google Authenticator or Duo Mobile apps, the generated code is not accepted. Is this a known problem or is it a setup problem?

    I purchased a YubiKey 5 NFC because some of the Yubico web pages say it supports OTP. The key only seems to have FIDO2 support, and I cannot get it to work and produce One Time Passwords. Is there a recommended Yubico key which works? I'm running on Ubuntu Linux.

    Colin



    ------------------------------
    Colin Paice
    ------------------------------


  • 2.  RE: Using MFA on z/OS - problems with external bits.

    Posted Mon January 15, 2024 01:56 AM

    Hi Colin.

    I have experienced something similar when I was testing zMFA and the TOTP factor in combination with various apps. The QR code generated by zMFA contains information that is derived from either the default factor settings or the user's factor settings. This includes the digest algorithm, the token code length and the token period. An app may not have implemented support for these settings, and may choose to override the information in the QR code and simply use defaults set by the app. In that case, you may experience that token codes generated from one app are working, whereas token codes generated by other apps are not.
    Something similar may be the case with other types of one time passwords.

    Best regards
    Mikael Rasmussen



    ------------------------------
    Mikael Rasmussen
    Senior Mainframe Security Engineer
    Danske Bank
    Brabrand
    +4540766221
    ------------------------------
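
The mismatch described in the reply above, as an added example that is not part of the thread and not IBM's code: an RFC 6238 TOTP computed once with the parameters carried in the enrollment data and once with the defaults an app may fall back to. It assumes the QR code carries a standard `otpauth://` key URI (the thread does not show the payload); the URI, issuer, user name and secret below are constructed sample values.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

# Key URI defaults, used by an app that ignores the parameters in the QR code.
APP_DEFAULTS = {"algorithm": "SHA1", "digits": 6, "period": 30}

# Constructed sample enrollment URI (hypothetical issuer/user, RFC 6238 test key).
SAMPLE_URI = ("otpauth://totp/ZMFA:USER1?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
              "&algorithm=SHA256&digits=8&period=60")

def parse_otpauth(uri):
    """Extract the secret and TOTP parameters from an otpauth:// key URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not a TOTP key URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    return {"secret": q["secret"],
            "algorithm": q.get("algorithm", "SHA1").upper(),
            "digits": int(q.get("digits", 6)),
            "period": int(q.get("period", 30))}

def totp(secret, unix_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 code for a base32 secret at a given Unix time."""
    if algorithm not in ("SHA1", "SHA256", "SHA512"):
        raise ValueError("unsupported digest: " + algorithm)
    key = base64.b32decode(secret.upper() + "=" * (-len(secret) % 8))
    counter = struct.pack(">Q", unix_time // period)   # time step as 8-byte counter
    mac = hmac.new(key, counter, getattr(hashlib, algorithm.lower())).digest()
    offset = mac[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def compare(uri, unix_time):
    """Code the server expects vs. code from an app that uses its own defaults."""
    params = parse_otpauth(uri)
    secret = params.pop("secret")
    expected = totp(secret, unix_time, **params)
    from_defaults = totp(secret, unix_time, **APP_DEFAULTS)
    return {"enrolled_params": params, "server_expects": expected,
            "default_app_shows": from_defaults,
            "accepted": hmac.compare_digest(expected, from_defaults)}

if __name__ == "__main__":
    for field, value in compare(SAMPLE_URI, 59).items():
        print(f"{field}: {value}")
```

If the two codes differ for a given enrollment, either change the factor settings to values the app supports or use an app that honors the URI parameters.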



  • 3.  RE: Using MFA on z/OS - problems with external bits.

    IBM Champion
    Posted Mon January 15, 2024 10:52 AM

    Thank you... I found a combination which worked!



    ------------------------------
    Colin Paice
    ------------------------------