Community

Two factor authentication -- time synchronisation

Links used in this discussion

Peter Upfold, User (Posts: 1)

Aug 09, 2022 8:31:58 am EDT

I have found that if there is any time discrepancy at all between host and viewer (or wherever else the two factor one-time codes are generated), the two factor code generated can be rejected by the host.

For example, if the current 30 second code expires in 2 seconds, but the host clock is 3 seconds ahead (so it believes this code has already expired), it will not accept the code. If the host and 2FA generator clocks are out by more than 30 seconds, it is not possible to sign in, as the codes will never overlap.

Would it be possible for some level of time skew to be accepted by the host to account for this -- I believe this is normally the case for TOTP 2FA systems.

Pauline, Support (Posts: 2869)

Aug 09, 2022 5:42:44 pm EDT

Hello Peter,

Thank you for your message.

Unfortunately, this is excepted behavior when using the two factor authentication feature. When using the 2FA, you need to make sure that the phone with the authenticator app and the Host PC both synchronize their time from an online source and that the Windows Time Service (w32tm) is set up correctly on the Host machine.
For more information please also refer to this KB page.

Pease let us know if you have more questions.

Submit a reply

^* Website time zone: America/New_York (UTC -5)