Hi @squarestar
We can reproduce that on FreeOTP on a phone, but if we read the QR code with 1Password password manager for example, the URL does include the Issuer field, currently set to “Wordfence”.
We don’t see any obvious issues open for that issue on their github repo here:
https://github.com/freeotp/freeotp-ios/issues
A few other apps including Google Authenticator, Sophos Intercept X, and the 1Password desktop application are reading the issuer fine, so we think this is a bug in Free OTP.
We tried creating a couple variations of the QR code on a test site, like capitalizing issuer, or adding a second parameter after it, and it does not make a difference. (The QR codes represent a URL beginning with otpauth:://totp/. The end of the URL looks like &algorithm=SHA1&digits=6&period=30&issuer=Wordfence.)
We found this. Google recommends including the issuer in two places. It sounds like FreeOTP is only looking at one:
https://github.com/google/google-authenticator/wiki/Key-Uri-Format
We have a plugin update case planned for changing the issuer anyway, so that it can be the site name instead of Wordfence (moving Wordfence to another position) and we can address this issue at the same time but we don’t have a timescale for when this will be.
