After the Oct 25th DST change in Europe I’m unable to login via 2fA, the code is rejected with the message “Invalid authentication code. Each code can only be used once.”
Was able to login yesterday, nothing else changed in the meantime on the server or client, it seems the DST change in the client timestamp is not addressed correctly on the server.
Discourse version: da5841de0b
Self hosted, standard install
If you’re using the Google Authenticator app, try going to Settings -> Time correction for codes and pressing the “Sync now” option. Codes should be being generated with UTC, and unaffected by DST.
It’s possible your phone has an outdated tzdata, so can’t apply the correct timezone offset.
Thanks, this definitely is a phone/authenticator issue, it also fails on other 2fa enabled sites.
Will try your suggestions.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.