Windows client doesn't provide correct 1-time passwords despite machine time being correct

I have the Windows client installed on 3 machines, the iOS client installed on 6, and the macOS client on 1. The iOS and macOS clients have no problem providing the correct one-time passwords on accounts that I've enabled 2FA; the Windows clients at this point, for whatever reason, are not, despite the machines' time being correct (provided by domain controller synced to time.gov). I've taken the step of disabling 2FA for a couple accounts and re-adding them via QR code and, when updated this way, they provide correct one-time passwords when prompted, but I'd really like to not have to do that for all of my 2FA-enabled accounts. Any insight would be greatly appreciated!


1Password Version: Windows 7.6.785
Extension Version: Not Provided
OS Version: Windows 19041.572 (and later)
Sync Type: 1Password account
Referrer: forum-search:one-time password

Comments

  • Greg
    Greg
    1Password Alumni

    Hi @AGC,

    Indeed, it is quite strange that only Windows machines misbehave like this. Could you please take a look at your time settings and tell me if they look similar to mine?

    Also, am I right to understand that if you update a 2FA code for an item, this new code works correctly, but old codes continue to fail? Please confirm, as this makes the situation even stranger. Thanks!

    ++
    Greg

  • AGC
    AGC
    Community Member

    Hi Greg! My settings page does look like that although the Time server setting is set to synchronize via domain controller, which as it turns out is likely the problem. I have 1Password installed on two corporate Windows machine and one personal Windows machine; the personal Windows is not seeing the problem, unlike what I originally posted, which almost certainly means something is wrong in the time sync via our domain controller, I think?

  • ag_ana
    ag_ana
    1Password Alumni

    @AGC:

    I think you hit the nail on the head. If you look at one of the corporate machines and at your personal Windows computer, is the time different?

  • AGC
    AGC
    Community Member
    edited November 2020

    The time is different but theoretically not enough to affect matters, I thought. It’s only 30 seconds off from time.gov’s clock. Is that enough to foul this up?

  • ag_ana
    ag_ana
    1Password Alumni

    @AGC:

    Yes, 30 seconds is actually enough, since that's the default validity time of a TOTP ;)

  • AGC
    AGC
    Community Member

    Great, problem solved! I'll get my network admins to see if we can fix the domain controller time issue then. Thank you everyone!

  • ag_ana
    ag_ana
    1Password Alumni

    You are very welcome @AGC! If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

This discussion has been closed.