Timezones Matched but Codes Still Mismatched

  • Resolved chasman

    (@chasman)


    6 years, 7 months ago

    We’ve been using the plugin for months and have it deployed on 20+ sites with no issues. TOTP with Google Authenticator (GA). However, our two most recently installed WP sites just won’t work with it because the codes never match.

    We saw the message about matching times, noticed the 1-hour difference. With high hopes, we altered the WP time zone to a UTC which syncs the clocks… we deleted the code from GA and scanned the barcode again… still no match.

    Do you have a troubleshooting page?

    The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Author David Anderson

    (@davidanderson)

    6 years, 7 months ago

    Hi,

    Timezones aren’t involved, because the TOTP protocol is based upon the UTC time. Attempting to change a timezone to make up for wrong server time can’t work. The server’s view of what UTC time is has to be correct, irrespective of which timezone it is configured to display times in.

    (Assuming that your TOTP app is running on a device with correct time, of course).

    David

    Thread Starter chasman

    (@chasman)

    6 years, 7 months ago

    My ISP has the server set an hour behind UK time so I’m buggered then…

    Plugin Author David Anderson

    (@davidanderson)

    6 years, 7 months ago

    Well, if it’s time is really set to something that is not the time (and as I say, timezones are irrelevant – timezones are only to do with *what time is displayed*, not *what time it is*), then that’s a defect that you should ask them to fix. All kinds of things depend on correct time.

    Plugin Author David Anderson

    (@davidanderson)

    6 years, 7 months ago

    Having said that… the plugin has filters for checking codes outside of the strict TOTP 30-second window (defaults to 2 windows). You could use those – but, of course, that means that at any time time there’d be an hour’s worth of codes that are valid (i.e. approx 120 of them), so you’d have to weigh up whether it’s an acceptable trade-off.

    So, if it’s in the past:

    add_filter('simbatfa_check_back_time_windows', function() { return 125; });

    This still won’t show the correct code (so you’d be wise to check the login process in a different browser, and not log out), it’ll just check more of the historical codes.

    • This reply was modified 6 years, 7 months ago by David Anderson. Reason: Fix typo
    • This reply was modified 6 years, 7 months ago by David Anderson. Reason: Really fix typo
    Plugin Author David Anderson

    (@davidanderson)

    6 years, 7 months ago

    Sorry, fixed the typo. Code also assumes PHP 5.3+.

    eddxavier

    (@eddxavier)

    6 years, 6 months ago

    Hi David,

    I hope you are well.

    I’m experiencing the same issue, although my server UTC time is correct.

    Is there anything I should do to troubleshoot this issue?

    Thank you,

    Eduardo

    Plugin Author David Anderson

    (@davidanderson)

    6 years, 6 months ago

    @eddxavier Please open a fresh topic so that the email alerts don’t go to other people.

    eddxavier

    (@eddxavier)

    6 years, 6 months ago

    Hi David,

    Sorry for the confusion, but since the issue seems to be the same, I thought I would post it to the same topic before creating a new one.

    In any case, I have created a new topic as you suggested.

    https://wordpress.org/support/topic/otps-dont-match-with-the-ones-provided-by-google-authenticator/

    Thanks you,

    Eduardo

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Timezones Matched but Codes Still Mismatched’ is closed to new replies.