I finally solved an issue I was having with one-time passwords and 2FA. No matter how many times I tried to log in with a OTP it would fail. I must have made upwards of 50 log in attempts and it always failed with an invalid OTP message. The odd thing was that it had worked before and one day stopped working. I even tried multiple authenticator apps and they all failed.
Eventually I noticed that the time on my phone was off by about a minute. I checked my phone settings and for whatever reason my date and time was manually set instead of using automatic date and time via an NTP server. I turned on that setting and attempted the 2FA and it worked.
My suggestion for the docs is that we add to Configuring two-factor authentication > Resolving OTP errors to suggest that the user check their device time and verify that it is correct. Something like:
OTPs are time-synchronized and require time to be in sync between the authenticator application and the server. If you continue to have issues with invalid OTPs make certain that your device’s system time is accurate. Consider enabling automatic date and time if the option is available.