Peter Upfold's community posts
Two factor authentication -- time synchronisation
Peter Upfold,
User (Posts: 1)
Aug 09, 2022 8:31:58 am EDT
Support level: Free or trial
I have found that if there is any time discrepancy at all between host and viewer (or wherever else the two factor one-time codes are generated), the two factor code generated can be rejected by the host.
For example, if the current 30 second code expires in 2 seconds, but the host clock is 3 seconds ahead (so it believes this code has already expired), it will not accept the code. If the host and 2FA generator clocks are out by more than 30 seconds, it is not possible to sign in, as the codes will never overlap.
Would it be possible for some level of time skew to be accepted by the host to account for this? I believe this is normally the case for TOTP 2FA systems.
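The skew tolerance asked about above, as an added example that is not part of the original post and not the product's own code: a TOTP verifier following RFC 6238 that accepts codes from `window` time steps either side of the host's clock. The key, timestamps and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step, the 30 second period from the post

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 of the 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, now: float, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(key, int(now // STEP), digits)

def verify(key, code, now, window=1, last_used=-1, digits=6):
    """Return the matched time step, or None if the code is rejected.

    window    -- steps accepted either side of the verifier's own step
    last_used -- highest step already accepted; blocks replay of a code
                 that the wider window would otherwise still admit
    """
    current = int(now // STEP)
    matched = None
    for step in range(max(0, current - window), current + window + 1):
        expected = hotp(key, step, digits).encode()
        # Constant-time compare, and no early exit across candidates.
        if hmac.compare_digest(expected, code.encode()) and step > last_used:
            matched = step
    return matched

# Constructed scenario from the post: the code has 2 seconds left on the
# generator, and the host clock runs 3 seconds ahead.
KEY = b"constructed-demo-secret"
GENERATOR_NOW = 1660048228          # 28 s into its 30 s step
HOST_NOW = GENERATOR_NOW + 3        # already in the next step

if __name__ == "__main__":
    code = totp(KEY, GENERATOR_NOW)
    print("no tolerance:", verify(KEY, code, HOST_NOW, window=0))
    print("one step    :", verify(KEY, code, HOST_NOW, window=1))
    print("45 s skew   :", verify(KEY, code, GENERATOR_NOW + 45, window=1))
```

A wider window lengthens the period in which an intercepted code stays valid, which is why the verifier tracks the last accepted step and refuses anything at or before it.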