Two factor auth consistently returns invalid authentication code



I registered myself in a discussion forum that uses your system. I tried to set up 2 factor authentication there but it failed in the last step. When I entered back the code from my device it responded with error:

Invalid authentication code

Here on your forum I successfully enabled it. Do you know where might be a problem? I would then advise the administrators of that forum.



(Daniela) #2

Is it possible to have a link to that site or is it private?


Link to the forum. You can register there freely.

Thanks for any hint.


(Jakob Gahde) #5

I recently had the same issue on a forum I host, and in the end I figured out that it occurred because my server time was slightly off. Try comparing the time of your server (including seconds) to network time (e.g. via, and if it’s different make sure that your system is configured to sync its clock across the network (using something like systemd-timesyncd or ntpd, if you’re on Linux). For me that did the trick.


Perfect, thanx Jacob. That was the root cause. It is fixed now. :slight_smile:


(Jeff Atwood) #7

@featheredtoast I was noticing that even being a few seconds off here causes things not to work… can we add a bit more grace period for time slop?

(Jeff Wong) #8

Sure thing - I’ve added a 30 second grace window that should alleviate this.

(Jeff Atwood) #9

Wait … reading the code, prior to this we had a ZERO second grace period? :dizzy_face:

(Jeff Wong) #10

The protocol comes with a 30 second window already, so it’s not as strict as it looks - This just adds a little more generosity.

(Kirupa Chinnathambi) #11

I am having this same problem on my forums (, and this used to work just fine. I have ensured the time is synchronized correctly as well. I think. Here is my Ubuntu time settings:

Local time: Thu 2018-06-14 00:24:04 EDT
Universal time: Thu 2018-06-14 04:24:04 UTC
RTC time: Thu 2018-06-14 04:23:14
Timezone: America/New_York (EDT, -0400)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: yes
Last DST change: DST began at
Sun 2018-03-11 01:59:59 EST
Sun 2018-03-11 03:00:00 EDT
Next DST change: DST ends (the clock jumps one hour backwards) at
Sun 2018-11-04 01:59:59 EDT
Sun 2018-11-04 01:00:00 EST

If there isn’t an easy work around, is there any way to disable 2FA on my account via SSH’ing as root?


(Jeff Atwood) #12

Is your server time not set to UTC?

(Kirupa Chinnathambi) #13

Bingo. That fixed it. Thanks for the help, Jeff! :slight_smile: