2FA code authentication time-sync issue/too strict authentication #241

New issue

Closed

opened 2026-02-20 08:00:43 -05:00 by deekerman · 1 comment

deekerman commented

2026-02-20 08:00:43 -05:00

Owner

Originally created by @itsthejb on GitHub (Feb 27, 2019).

Hi all,

First of all, love this implementation! Great work on it!

One medium issue I keep having: it appears that the 2FA code authentication implementation has a timestamp-related issue. That is, it definitely works, but I find that the generation of the code on my app (currently Authy on iOS) and my bitwarden_rs installation (using this docker image) is heavily out of sync. That is, I either have to enter the code in the first seconds of the code being generated, or the last seconds. Meaning, clearly the timestamp of the server and the timestamp of the 2FA client are quite out of sync. Alternatively, this could be caused by the fact that bitwarden_rs doesn't leniently accept "late" or "early" codes.

I have been able to log in, but authenticating a new client is quite frustrating and this seems to be a genuine issue. Of course, alternatively this may also be an issue that should be fixed in the container.

Hope that someone can help. Thanks!

Originally created by @itsthejb on GitHub (Feb 27, 2019). Related? https://github.com/dani-garcia/bitwarden_rs/issues/306 Hi all, First of all, love this implementation! Great work on it! One medium issue I keep having: it appears that the 2FA code authentication implementation has a timestamp-related issue. That is, it definitely works, but I find that the generation of the code on my app (currently Authy on iOS) and my `bitwarden_rs` installation ([using this docker image](https://hub.docker.com/r/mprasil/bitwarden)) is heavily out of sync. That is, I either have to enter the code in the first seconds of the code being generated, or the last seconds. Meaning, clearly the timestamp of the server and the timestamp of the 2FA client are quite out of sync. Alternatively, this could be caused by the fact that `bitwarden_rs` doesn't leniently accept "late" or "early" codes. I have been able to log in, but authenticating a new client is quite frustrating and this seems to be a genuine issue. Of course, alternatively this may also be an issue that should be fixed in the container. Hope that someone can help. Thanks!

deekerman closed this issue

2026-02-20 08:00:44 -05:00

deekerman commented

2026-02-20 08:00:44 -05:00

Author

Owner

@itsthejb commented on GitHub (Feb 27, 2019):

Ok, my bad: Seems ntpd wasn't running on my server (thought it was) and my date was quite off. Fixed with something like https://serverfault.com/questions/368602/how-do-i-update-a-centos-servers-time-from-an-authoritative-time-server

@itsthejb commented on GitHub (Feb 27, 2019): Ok, my bad: Seems `ntpd` wasn't running on my server (thought it was) and my date was quite off. Fixed with something like https://serverfault.com/questions/368602/how-do-i-update-a-centos-servers-time-from-an-authoritative-time-server

deekerman referenced this issue

2026-02-20 08:02:48 -05:00

docker image behind apache ReverseProxy - an unexpected error has occurred (not logged) #488

deekerman referenced this issue

2026-02-20 08:03:07 -05:00

Bitwarden_rs Support for Subpaths，how to config (caddy) ? #526

deekerman referenced this issue

2026-02-20 08:03:42 -05:00

Unable to run bitwarden_rs with nginx and basic auth #605