OTP codes from Mac not working due to Mac clock running fast

I’m a fan of Time-based One-time Password, aka TOTP, as a means of two-factor authentication. I’m also a fan of the 1Password password manager, which I have set up to sync between my various devices: a laptop Mac, an Android phone, and an iPad. A nice feature of 1Password is that it will act as an OTP authenticator, if you store the TOTP secret (either copy-pasted as text, or scanned as a QR code that decodes to a URL containing the same text) alongside your password info. So if I’m lying in bed with only my iPad nearby and I need an OTP code to log into something, I don’t have to get up and grab my phone to get it from Google Authenticator. (I do also have the OTPs in Google Authenticator though.) More importantly, this means that none of my devices is a single point of failure; if my phone is stolen or dies, I can still get into stuff because I have the secrets synced to multiple devices, encrypted in transit and at rest by the password manager.

But this all stops working when your Time-based OTP is generated on a Mac with a clock running over a minute fast!

The TOTP secret was the same, but the codes coming out were different, and it took me a few minutes to realize that the codes on the Mac were two values ahead of the codes on my phone, because each code is valid for 30 seconds, and the clock was ~60 seconds fast on the Mac.
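The two-codes-ahead effect described above, as an added example that is not part of the original post: an RFC 6238 TOTP generator, a verifier, and a helper that reports how many 30-second steps a code's clock is off. The secret and timestamp are the RFC 6238 test values, and the function names and the ±1 step acceptance window are assumptions chosen for illustration.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds each code is valid for, as in the post


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the 30-second step containing unix_time."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, code: str, server_time: int, window: int = 1) -> bool:
    """Accept the current step or up to `window` steps either side (assumed policy)."""
    return any(
        hmac.compare_digest(code, totp(secret, server_time + k * STEP))
        for k in range(-window, window + 1)
    )


def drift_in_steps(secret: bytes, code: str, reference_time: int, max_steps: int = 10):
    """How many steps ahead (+) or behind (-) the generating clock is, or None."""
    for k in sorted(range(-max_steps, max_steps + 1), key=abs):
        if hmac.compare_digest(code, totp(secret, reference_time + k * STEP)):
            return k
    return None


SECRET = b"12345678901234567890"  # RFC 6238 test secret, not a real credential
TRUE_TIME = 1111111109            # RFC 6238 test timestamp, stands in for the phone
FAST_MAC_TIME = TRUE_TIME + 60    # constructed: a clock running 60 seconds fast

if __name__ == "__main__":
    mac_code = totp(SECRET, FAST_MAC_TIME)
    print("phone code:", totp(SECRET, TRUE_TIME))
    print("mac code:  ", mac_code)
    print("accepted with +/-1 step window:", verify(SECRET, mac_code, TRUE_TIME))
    print("drift in steps:", drift_in_steps(SECRET, mac_code, TRUE_TIME))
```

A code generated one step early still passes the ±1 window; at two steps (60 seconds) it falls outside it, which is why the same secret produced rejected codes.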

Naturally I had the “Set date and time automatically” checkbox in Date and Time preferences enabled and set to time.apple.com., so it surprises me that the clock was wrong. Anyway, I have changed the NTP server list based on this old post on Mac OS X Hints to 0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org, and hopefully that’ll keep this clock drift problem from happening again.
