2FA sometimes does not work

I've noticed a few times where 1Password for Windows asks for the 2FA code and does not accept the correct code. Have seen this happen on both my work computer with 1Password for Teams/Business and on my personal home computer where I have a separate 1Password personal account. I don't mix the two so it is happening to two completely separate accounts on two different computers.

I am only reporting what I have experienced as I am eventually able to provide the 2FA code successfully.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Most commonly this is trouble with your local time settings on your PC, @Cartman. TOTP, as you may well know, generates a code based upon your TOTP secret, your local machine time, and math. If the time is off, then it's not going to generate the right code. It also totally can behave in a manner where it works sometimes with the time off because a given code is good for a defined amount of time, like 30 seconds. So if your time is off by less than 30 seconds, it will still work sometimes, it's just your window where it will work is smaller. Anyway, long story short(ish), next time you see this, try toggling all of the settings to automatically set your time in Windows settings, then toggle them back on. That will correct any time drift and, 9 times out of 10, correct any issues with TOTP. :+1:
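Added example, not part of the original thread and not 1Password's code: a standard RFC 6238 TOTP implementation that measures how often a client with a skewed clock produces a code the verifier accepts, which is the "works sometimes" effect described in the comment above. The secret is the RFC 6238 test secret; the `window` parameter (a verifier that also accepts neighbouring time steps) is an assumption and is not something the thread states about 1Password's server.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid, as in the comment above

def totp(secret: bytes, unix_time: float, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing unix_time."""
    counter = int(unix_time // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def accepted(secret: bytes, server_time: int, client_skew: int, window: int = 0) -> bool:
    """True if the code from a client whose clock is off by client_skew seconds
    matches a verifier checking its current step +/- `window` steps (assumed)."""
    code = totp(secret, server_time + client_skew)
    return any(
        hmac.compare_digest(code, totp(secret, server_time + k * STEP))
        for k in range(-window, window + 1)
    )

def acceptance_rate(secret: bytes, client_skew: int, window: int = 0,
                    start: int = 1_575_000_000) -> float:
    """Fraction of the seconds in one 30 s step at which the skewed client succeeds."""
    hits = sum(accepted(secret, start + s, client_skew, window) for s in range(STEP))
    return hits / STEP

if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real account secret
    for skew in (0, 5, 10, 29, 45):
        strict = acceptance_rate(secret, skew)
        lenient = acceptance_rate(secret, skew, window=1)
        print(f"skew {skew:>2}s  exact step: {strict:.0%}  +/-1 step: {lenient:.0%}")
```

With an exact-step verifier the success rate falls linearly with skew and reaches zero at 30 seconds, so a correct secret with a drifting clock shows up as intermittent rejections rather than a hard failure.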

  • Cartman
    Community Member

    Thank you @bundtkate.
    Will verify that the time is accurate the next time this happens. I am fairly certain that the time is accurate since our corporate network synchronizes with time.gov, time.nist.gov, pool.ntp.org, etc. and my home computer is likely configured to sync with whatever the default internet time setting is for Windows 10 (probably time.windows.com). I use MFA frequently with other services and have only witnessed this behavior in 1Password for Windows.

  • ag_ana
    1Password Alumni

    @Cartman:

    Thank you for the update. I have seen this issue with time settings very often in Windows, so if you could double-check those, it is likely that those will be the culprit.

    A good resource that makes it easy to check this is the following website:

    https://time.is/
    

    After making sure the time is the same on every one of your devices, your authenticator codes should be accepted.

  • Cartman
    Community Member
    edited December 2019

    Think I may have found the scenario where it won't accept the correct code.

    I have 1Password set to never lock automatically since I either lock Windows manually or it locks after 15 minutes of inactivity. I normally shut down every evening but last night I was in the middle of some work so I left my computer running. This morning shortly after logging into Windows I was prompted to enter the 2FA code. It would not accept the correct code after many repeated attempts. I verified that the time was correct using the website time.gov but it would not accept the correct 2FA code no matter what I did.

    At this point I gave up and hit cancel to dismiss the 2FA prompt. A few seconds later it came back asking for the code again. This time it took it on the first try. Maybe the prompt that 1Password displays times out and will no longer accept the code until you cancel it and get presented with a new one.

    Not certain if this is the case but I do know that it is not a time problem at this point.

  • I'm actually thinking it could be network in that case, @Cartman. Waking from sleep is generally quite troublesome on that front as Windows can take some time to get your network fully ready. If it's not ready, 1Password can't check that code with the server so it's just going to fall on its face. A few things if you see it again – check in the top right corner of your app by the X and see if you see a crossed out cloud icon there when this happens. Also, I'm a bit curious as to why you're being prompted for 2FA so often in the first place – I had assumed you were signing in on the website, but your mention of autolock now makes me think it's the desktop app and your app should only prompt you for MFA on a new device you've never signed in before. I'm starting to think it may not ever be completing properly ...

  • Cartman
    Community Member
    edited December 2019

    Yes, sorry that I was not clear... this is happening with the Windows desktop app.

  • Oh, it's no problem at all, @Cartman. It was my fault for making an assumption in the first place. Certainly MFA issues on the website are more common, but the desktop app absolutely can and does misbehave at times and I should know better than to presume it's not.

    Given it is the desktop app, though, that seems almost like it has to be network. Or, more precisely, something preventing a proper connection to the server fairly often. MFA is required only the very first time you sign in with a given device and under certain circumstances where you specifically trigger that requirement, like if you tell your PC to require MFA next time from the website. Once you've authorized and synced up for the first time, your encrypted data is already available locally on that device so MFA doesn't really provide much in the way of additional protection – the only thing it would do is prevent any changes from syncing to that device.

    Anyway, that aside, I think it would be best to take a look at some diagnostics at this point. I suspect we might be chasing our tails a bit here and that the reality is that your codes have been fine the whole time and what's wrong is that you're having significant enough issues connecting to the server that auth is having trouble across the board. It's not that the codes are wrong, it's just failing often enough to be a giant fuss. To that end, I'd like to ask you to create a diagnostics report from your PC:

    Sending Diagnostics Reports (Windows)

    Attach the diagnostics to an email message addressed to support+forum@agilebits.com and include a link to this thread in case someone other than me is the one who sees them first. That way they'll have the benefit of the context of our discussion here.

    You should receive an automated reply from our BitBot assistant with a Support ID number. If you post that number here, that'll help us track the diagnostics down quicker so we can take a look as soon as possible. Once one of us has an opportunity to look them over and find some clues, we'll get back to you via e-mail with next steps. :+1: Thanks!

This discussion has been closed.