Years back… While I was doing some gardening, I was jumping over a row of bushes along the way. And my phone fell out of my pocket into the brush. I spent hours looking for it, and luckily I found it. But after that experience of nearly losing my phone, I decided set up a dedicated phone that only handles that. As the thought of having to contact place I had a code to get a new one just makes my brain hurt alone by only that. I also got rid of my pants that had tiny pockets in them, as they were also partially to blame for my phone falling out. I hate pants with small pockets.. lol
After moving my codes to my new phone, I kept it in my office in a safe place so I did not need to worry about losing it and dealing with the painstaking time it would take to get up and running again. Sometimes asking for a replacement 2fa code will trigger an entire process of verifying who I am. I mean it makes sense you don’t want people defeating its use by faking who they are. But all and all I really needed a separate phone for just that.
For about a month the phone worked great, but eventually I started getting invalid code responses when trying to login. I feared someone changed my 2fa credentials, right away I went to thinking it was a hacker. I even started the process on a few sites to get a new code as my old one was not working.
While I was trying to figure out the cause, I noticed the time on my 2fa phone was just a minute or two off of my computers time. My 2fa phone is not on wifi or any other kind of connection, all the codes are scanned in and used without internet. So because of this, the time was drifting on my 2fa phone. And eventually drifted enough to make the codes not work.
Usually when you have a phone connected to the internet in some way, it can sync its time with a network time clock. So over a month of using this device and not changing the time. The internal clock was not perfect. This is pretty common with devices that keep time. I find many devices I have 2-3 minutes slower or faster after a year of time keeping.
So makes sense that 2fa would act up without the time being accurate. So once I fixed the time, sure enough every code started working again! I was so glad, it was just a user mistake.
Now when I need to use my 2fa, first thing I do is go into the clock. And wait until my computers clock that is controlled by a network clock hits the next minute. And then I sync the time and its good for another week or two.
So yeah two stories, one about losing your 2fa phone and how much that can suck if you did not back up the codes. And the other story being about how important the clocks time is on the device you are using for 2fa.
Next time your 2fa code does not work, check the time.