...
Effectively an authenticator application that provides the verification code, provides a code that is only valid for a short period of time. If this time expires or the time of the authenticator application device or the application itself are not in sync, the verification code will be rejected. There is a tolerance built into the TOTP algorithm specification which can be implemented to allow a for a small amount of clock drift.
I’m having issues, What should I do?
We suggest that you You need to ensure that your devices running your authenticator application has it's time to set automatically. This should ensure that you device always has the correct time on it by using the internet to synchronise it's time with rather than manually setting the time.
| Info |
|---|
Even if you manually set the time and it looks right, it could be just far enough out from the other device’s time to cause the authentication not to work. |
On a computer
You can do this by going in to the time on your computer (bottom right of main screen) and right clicking. Then choose Adjust date/time from the settings.
...
This needs to match up with the relevant authenticator device you are using. If you are using a phone, your phone time and the computer time need to be the same.
For your phone device that runs the authenticator app, please ensure your time is set to automatically sync. This is different on every device however it is normally under Settings > Date & Time.
Technical Reference
From the Internet Engineering Task Force (IETF) RFC 6238 - TOTP: Time-Based One-Time Password Algorithm (ietf.org) - notably Section 6 which talks about resynchronisation.