2FA code is different between PC and iPhone [Time must be in sync between both]

attrapereves

I am having a major problem with two factor authentication on my Windows machine. I set up 2FA on my primary OSX machine for my Microsoft and Google accounts. It works great from my Mac, iPhone, and iPad synced over WiFi.

Because I am unable to use WiFi syncing or Dropbox syncing with my Windows machine, I export the OPvault, save it to a flashdrive, and import it into Windows when there are any changes (not very often).

The 2FA code is showing up on Windows and regenerating, but it does not match the code on my iPad or iPhone. The code in Windows does not work and throws an error. The codes on my iDevices work fine.

What could be the cause for the 2FA code not showing up correctly on Windows, but showing up fine on my other devices?

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

MikeT

Hi @attrapereves,

In most cases, it is because the date/time settings on the PC does not match with your other devices. 2FA is very time-sensitive, even if it is off by a few seconds, it will show you a different code. The data does not change between computers but it does change how it generate the code based on the current computer's time/date settings.

Can you first check to make sure that it is in sync with your devices and if not, reconfigure it and see if it will fix the issue here. We are aware that for some users behind an Active Directory server, they will see a different code because they're forced to use the company's time server instead of the standard Windows time server.

attrapereves

I think that's the issue. My work computer doesn't appear to be set by any time server as I am not seeing that option under time settings like on a normal Windows machine.

Would manually setting the system time to match my iPhone fix the issue?

MikeT

Yes, it should fix it if you get it within a second of your device's time.

attrapereves

So let me see if I am understanding this correctly... Google and Microsoft know the algorithm for my 2FA. But in order for it to work properly, the time on Google and Microsoft's servers have to match almost exactly as the time on my devices?

If you manually changed your computer time to 1min before the actual time, would your computer display 2FA codes from one minute before the actual time?

You learn something new every day.

MikeT

Hi @attrapereves,

Yes, and also, for this to work really well, the code has to change every 30 seconds, that's why time is a critical aspect of this algorithm.

They're syncing their time against the same time servers that everyone should be using by default on Windows. Time should be almost perfect across the planet.

However, the reason I said against your device time is because that is the device with the working code. If the iPhone was the one with the broken code but the PC is correct, I would've say to make the iPhone match the PC.

The source of the correct time is on the device that you initially set up the authentication with.