My TFA Codes Aren’t Working!

A coworker was having an issue logging into a website that requires two-factor authentication. We keep the authentication information for this site, including the TFA code, in a corporate 1Password account. 

While he was getting his TFA codes rejected 100% of the time, I was having no troubles, using the same account, same 1Password, etc.

The problem?

His system clock on his PC was running two minutes slow.

TFA codes are time-sensitive: the time is one of the factors in their generation (that’s why they expire every minute). If your system has the wrong time, your 1Password will generate the wrong TFA code.

The solution: he set his PC clock to the right time.

Comments

Jarek's picture
Jarek on November 4, 2022 - 15:08 Permalink

Keeping your computer clock synced with a reference clock via Network Time Protocol is a way to avoid these problems in general.

Peter Rukavina's picture
Peter Rukavina on November 4, 2022 - 15:14 Permalink

In the case of my colleague, their Windows PC had the NTP sync box unchecked and, it seemed, a security policy that prevented it from being checked. The workaround was to manually set the time (which rendered the time 30 seconds out of sync, which meant TFA was still broken, but only half the time).

Andrew's picture
Andrew on November 4, 2022 - 15:31 Permalink

Reminds me of early PC software licenses, most trials were tied to the clock; as long as you didn’t care about the future, you could always keep using the programs.

Steven Garrity's picture
Steven Garrity on November 4, 2022 - 15:52 Permalink

Yes! I once helped a person who kept getting SSL certificate warnings in their web browser. It turned out they had set their system clock back ten years to be able to use a free trial of a software package.