2FA is not working

This is regarding 2FA on my account:

  1. I logged out and tried to log back in - my 2FA code wasn’t working even after multiple tries (“OTP code is incorrect”).
  2. Then I used a recovery code and successfully logged in.
  3. I tried to remove the current 2FA setup from Netlify. Again the code wasn’t working, so used a recovery code and removed 2FA from Netlify.
  4. Then I deleted the 2FA from my auth app (google authenticator).
  5. Next I tried adding 2FA back on Netlify, scanned QR on goog auth → but once again code is not working.

Any clues as to what’s going on? (PS: I have about 40 2FAs setup, so extremely familiar with the process) Thanks.

Any chance you’ve any ad blocking or browser extensions that might be interfering?

Ahhhhhhhhh yes, that must be it!

< hits his head on the nearest wall > many times

Well that wasnt it. I use uMatrix - disabled completely to try this. Still the same error even after trying multiple times.

Alright, just for the sake of trying, can you try if any other app is working?

Still no luck.

Tried a second browser with Google auth - same problem
1st browser with Microsoft auth - same problem
2nd browser with Microsoft auth - same problem

That’s strange. A support engineer should soon check this for you.

Thanks that would be great.

I actually opened a support ticket on 11th, but it was unhelpful. After multiple back and forth, I was told “I’ve disabled 2FA for your account, so you can set it up again and get new codes.” → which was not even the problem. So :man_shrugging:

Hi, @zehawki. We are not getting other reports of 2FA issues so this is quite the mystery. I did reply to the support ticket just now as well.

My best guesses are either local clock drift or a browser plugin blocking site javascript. In the ticket I’ve asked for permission to test logging in as you.

Please do reply to that ticket if we can be of further assistance with this issue.

Just to confirm also, the time is right on the phone with Google authenticator ?

Hi, @rahul-sundaresan. Yes, I was wondering this too as the clock being wrong is one of the few things that will break 2FA.

Hi @luke, I’ve already replied to you in detail on 18th.

@rahul-sundaresan: yes, its on network time, so time is automatically set. Moreover, I’ve use the “clock sync” feature inside the Authenticator app to eliminate this as a possibility.

But this definitely looks like a problem on my side, since I’m getting intermittent failure on 2 other sites where I use 2FA. Though I’m really unable to pin point the issue… its very puzzling whats going on. And I’ve been using various 2FA for a very long time without ever seeing such an issue.

I did test logging in as you (only after you gave permission on the ticket of course) and enabling 2FA for the login.

The 2FA setup and subsequent login attempts using 2FA were all successful. I am not able to reproduce the issue when I test.

The password login method was removed (as it was disabled before I tested) and the 2FA settings were reverted as well.

If there are other questions or concerns, please let us know.