Two factor auth consistently returns invalid authentication code

fero · April 10, 2018, 1:53pm

Hi,

I registered myself in a discussion forum that uses your system. I tried to set up 2 factor authentication there but it failed in the last step. When I entered back the code from my device it responded with error:

Invalid authentication code

Here on your forum I successfully enabled it. Do you know where might be a problem? I would then advise the administrators of that forum.

Thanks.

Cheers,
Fero

dax · April 10, 2018, 1:56pm

Is it possible to have a link to that site or is it private?

fero · April 10, 2018, 2:38pm

Link to the forum. You can register there freely.

Thanks for any hint.

Cheers,
Fero

J5lx · May 14, 2018, 8:02pm

I recently had the same issue on a forum I host, and in the end I figured out that it occurred because my server time was slightly off. Try comparing the time of your server (including seconds) to network time (e.g. via time.is), and if it’s different make sure that your system is configured to sync its clock across the network (using something like systemd-timesyncd or ntpd, if you’re on Linux). For me that did the trick.

fero · May 15, 2018, 12:23pm

Perfect, thanx Jacob. That was the root cause. It is fixed now.

Fero

codinghorror · May 15, 2018, 11:08pm

@featheredtoast I was noticing that even being a few seconds off here causes things not to work… can we add a bit more grace period for time slop?

featheredtoast · May 15, 2018, 11:18pm

Sure thing - I’ve added a 30 second grace window that should alleviate this.
https://github.com/discourse/discourse/commit/74aecdfd9d93b8e2df4719c4140209dd38bb4ae0

codinghorror · May 15, 2018, 11:25pm

Wait … reading the code, prior to this we had a ZERO second grace period?

featheredtoast · May 15, 2018, 11:28pm

The protocol comes with a 30 second window already, so it’s not as strict as it looks - This just adds a little more generosity.

kirupa · June 14, 2018, 4:26am

I am having this same problem on my forums (https://forum.kirupa.com/), and this used to work just fine. I have ensured the time is synchronized correctly as well. I think. Here is my Ubuntu time settings:

Local time: Thu 2018-06-14 00:24:04 EDT
Universal time: Thu 2018-06-14 04:24:04 UTC
RTC time: Thu 2018-06-14 04:23:14
Timezone: America/New_York (EDT, -0400)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2018-03-11 01:59:59 EST
Sun 2018-03-11 03:00:00 EDT
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2018-11-04 01:59:59 EDT
Sun 2018-11-04 01:00:00 EST

If there isn’t an easy work around, is there any way to disable 2FA on my account via SSH’ing as root?

Thanks,
Kirupa

codinghorror · June 14, 2018, 4:28am

Is your server time not set to UTC?

kirupa · June 14, 2018, 4:31am

Bingo. That fixed it. Thanks for the help, Jeff!

Topic		Replies	Views
Cannot login with 2fa after Daylight Saving Time change support	3	1286	November 24, 2020
2FA - do we have to do anything to enable it? support 2fa	12	3521	January 20, 2024
Cannot use 2FA to reset password support	6	638	October 15, 2019
Unable to login after disabling 2FA support	5	797	May 18, 2020
Locked out of own forum. Asking for two-factor verification I never set up. Help : ) support	6	403	September 30, 2022

Two factor auth consistently returns invalid authentication code

Related Topics