OTP codes from Mac not working due to Mac clock running fast

I’m a fan of Time-based One-time Password, aka TOTP, as a means of two-factor authentication. I’m also a fan of the 1Password password manager, which I have set up to sync between my various devices: a laptop Mac, an Android phone, and an iPad. A nice feature of 1Password is that it will act as an OTP authenticator, if you store the TOTP secret (either copy-pasted as text, or scanned as a QR code that decodes to a URL containing the same text) alongside your password info. So if I’m lying in bed with only my iPad nearby and I need an OTP code to log into something, I don’t have to get up and grab my phone to get it from Google Authenticator. (I do also have the OTPs in Google Authenticator though.) More importantly, this means that none of my devices is a single point of failure; if my phone is stolen or dies, I can still get into stuff because I have the secrets synced to multiple devices, encrypted in transit and at rest by the password manager.

But this all stops working when your Time-based OTP is generated on a Mac with a clock running over a minute fast!
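Why a fast clock breaks TOTP, as an added example that is not part of the original post: a minimal RFC 6238 generator and a verifier that, by assumption, accepts the current 30-second step plus one step either side. The key is the RFC 6238 test key, and the timestamp and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds per time step (RFC 6238 default)
DIGITS = 6    # code length shown by typical authenticator apps

def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): HOTP computed over the time-step counter."""
    counter = struct.pack(">Q", unix_time // STEP)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Assumed server policy: accept the current step and `window` steps either side."""
    return any(
        hmac.compare_digest(totp(secret, server_time + i * STEP), code)
        for i in range(-window, window + 1)
    )

def accepted_with_skew(secret: bytes, server_time: int, skew: int) -> bool:
    """Is a code from a client whose clock is `skew` seconds fast accepted?"""
    return verify(secret, totp(secret, server_time + skew), server_time)

SECRET = b"12345678901234567890"  # RFC 6238 test key, not a real secret
STEP_START = 1_700_000_010        # constructed timestamp on a step boundary

if __name__ == "__main__":
    for phase, skew in [(0, 20), (0, 45), (25, 35), (0, 70)]:
        ok = accepted_with_skew(SECRET, STEP_START + phase, skew)
        print(f"server {phase:2d}s into step, client {skew}s fast: "
              f"{'accepted' if ok else 'rejected'}")
```

With this window, a client 60 seconds or more fast is always rejected, and one between 30 and 60 seconds fast is rejected whenever the server is late enough in its own step.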
