My TFA Codes Aren't Working!

Peter Rukavina

A coworker was having an issue logging into a website that requires two-factor authentication. We keep the authentication information for this site, including the TFA code, in a corporate 1Password account. 

While he was getting his TFA codes rejected 100% of the time, I was having no troubles, using the same account, same 1Password, etc.

The problem?

His system clock on his PC was running two minutes slow.

TFA codes are time-sensitive: the time is one of the factors in their generation (that’s why they expire every minute). If your system has the wrong time, your 1Password will generate the wrong TFA code.

The solution: he set his PC clock to the right time.

Comments

Submitted by Jarek on

Permalink

Keeping your computer clock synced with a reference clock via Network Time Protocol is a way to avoid these problems in general.

In the case of my colleague, their Windows PC had the NTP sync box unchecked and, it seemed, a security policy that prevented it from being checked. The workaround was to manually set the time (which rendered the time 30 seconds out of sync, which meant TFA was still broken, but only half the time).

Submitted by Andrew on

Permalink

Reminds me of early PC software licenses, most trials were tied to the clock; as long as you didn’t care about the future, you could always keep using the programs.

Submitted by Steven Garrity on

Permalink

Yes! I once helped a person who kept getting SSL certificate warnings in their web browser. It turned out they had set their system clock back ten years to be able to use a free trial of a software package.

Add new comment

Plain text

  • Allowed HTML tags: <b> <i> <em> <strong> <blockquote> <code> <ul> <ol> <li>
  • Lines and paragraphs break automatically.

About This Blog

Photo of Peter RukavinaI am . I am a writer, letterpress printer, and a curious person.

To learn more about me, read my /nowlook at my bio, listen to audio I’ve posted, read presentations and speeches I’ve written, or get in touch (peter@rukavina.net is the quickest way). 

You can subscribe to an RSS feed of posts, an RSS feed of comments, or a podcast RSS feed that just contains audio posts. You can also receive a daily digests of posts by email.

Search