Two factor auth consistently returns invalid authentication code

Support
1

Hi,

I registered myself in a discussion forum that uses your system. I tried to set up 2 factor authentication there but it failed in the last step. When I entered back the code from my device it responded with error:

Invalid authentication code

Here on your forum I successfully enabled it. Do you know where might be a problem? I would then advise the administrators of that forum.

Thanks.

Cheers,
Fero

2 Likes
2

Is it possible to have a link to that site or is it private?

2 Likes
4

Link to the forum. You can register there freely.

Thanks for any hint.

Cheers,
Fero

5

I recently had the same issue on a forum I host, and in the end I figured out that it occurred because my server time was slightly off. Try comparing the time of your server (including seconds) to network time (e.g. via time.is), and if it’s different make sure that your system is configured to sync its clock across the network (using something like systemd-timesyncd or ntpd, if you’re on Linux). For me that did the trick.

5 Likes
6

Perfect, thanx Jacob. That was the root cause. It is fixed now. :slight_smile:

Fero

7

@featheredtoast I was noticing that even being a few seconds off here causes things not to work… can we add a bit more grace period for time slop?

1 Like
8

Sure thing - I’ve added a 30 second grace window that should alleviate this.
https://github.com/discourse/discourse/commit/74aecdfd9d93b8e2df4719c4140209dd38bb4ae0

4 Likes
9

Wait … reading the code, prior to this we had a ZERO second grace period? :dizzy_face:

4 Likes
10

The protocol comes with a 30 second window already, so it’s not as strict as it looks - This just adds a little more generosity.

4 Likes
11

I am having this same problem on my forums (https://forum.kirupa.com/), and this used to work just fine. I have ensured the time is synchronized correctly as well. I think. Here is my Ubuntu time settings:

Local time: Thu 2018-06-14 00:24:04 EDT
Universal time: Thu 2018-06-14 04:24:04 UTC
RTC time: Thu 2018-06-14 04:23:14
Timezone: America/New_York (EDT, -0400)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2018-03-11 01:59:59 EST
Sun 2018-03-11 03:00:00 EDT
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2018-11-04 01:59:59 EDT
Sun 2018-11-04 01:00:00 EST

If there isn’t an easy work around, is there any way to disable 2FA on my account via SSH’ing as root?

Thanks,
Kirupa

12

Is your server time not set to UTC?

2 Likes
13

Bingo. That fixed it. Thanks for the help, Jeff! :slight_smile:

4 Likes
14

This topic was automatically closed after 2250 days. New replies are no longer allowed.