The iOS 9 clock issue previously discussed (see https://news.ycombinator.com/item?id=10262244) is a lot worse than originally indicated.<p>Our devops team are seeing users who can no longer authenticate using 2FA code generators because their phones are off by over 30 seconds. The offset seems fairly random - a quick poll in our office shows that it appears to only impact iOS9. Mine is off 3.7 seconds. The biggest offset I've seen is 41 seconds.<p>Reboots, setting manually and the n going back to auto etc don't fid it.<p>You can check your offset at http://time.is or by downloading the free Emerald Time ntp app.<p>Any suggestions for a workaround greatly appriciated.
Sounds like you need to contact the vendor that supplies your 2FA since it is misconfigured/incorrectly implemented.<p>I've seen this before with people who try to roll their own Google Authenticator/TOTP implementation.<p>What they do is they read the standard, note the 30 second default step size, and entirely ignore the window. If you look at Google Authenticator while the steps are 30 seconds, the window is +1 or -1, so you can enter three different valid codes at any one time (for three different steps: 0, +30, -30).<p>But don't take my word for it, Google has Authenicator source code available here:<p><a href="https://github.com/google/google-authenticator/blob/master/libpam/google-authenticator.c" rel="nofollow">https://github.com/google/google-authenticator/blob/master/l...</a><p>Look at "window" or "window_size" options. To quote Google's own comment:<p>> By default, tokens are good for 30 seconds and in order to compensate for possible time-skew between the client and the server, we allow an extra token before and after the current time. If you experience problems with poor time synchronization, you can increase the window from its default size of 1:30min to about 4min. Do you want to do so<p>So as I said, your 2FA is incorrectly done.
My iOS9 device is now 30.5 seconds ahead of NTP and growing about 1.5 seconds per day.<p>Apple support seems to think this is my inability to turn on the "automatic time setting" feature. I wish this problem had more visibility.