TOTP 30 seconds ahead

I have one of my slots in my onlykey setup to do TOTP. I use it A LOT. Recently it stopped working for auth with my remote linux desktop. I have been using yubico authenticator until I had a moment to troubleshoot. When I spit out the TOTP into a text editor and compared to Yubico authenticator, I noticed the onlykey numbers were coming out 30 seconds earlier than the Yubico.

Today, I opened the chrome app, and right after, the times/TOTP on the onlykey were correct. After a while it was incorrect again. Closing and opening the chrome app fixed the problem.

Is this a bug or a misconfiguration?

is the clock on your pc accurate? because TOTP relies on somebody throwing in the time for it. if the onlykey config tool is in the background, it’s likely it just throws the time over, and the website may use a server time.

OnlyKey time is set by the app once, the first time it connects, this is then used for TOTP until OnlyKey is removed.

Actually, what t11 makes sense. I recently started closing my office door now that it is colder and have been leaving the onlykey plugged in (the led is so obnoxious I would normally unplug it at night). It has probably been plugged in for some time continuously and is experiencing clock drift. I mistakenly thought it would ask for the time each TOTP cycle. I will try unplugging/replugging.

All thanks for the replies. I assume this fixed the issue. I will start a new topic and reference this if I see it again.

did you try the LED brightness setting?

Funny you should ask that. I noticed it when I was looking through the app yesterday. I had not looked in the app for some time before that. When I have some time I will experiment with it. For now, I am happy to close the door :slight_smile:

Myself and my friend also experience TOTP time difference, but not always. I cannot tell when the problem occurs exactly, but something is wrong. Im using windows 10 and my friend is on mac. Im using Only key app, and he is using website for time sync.

Are you suggesting that onlykey is able to connect to the internet??/
That would be a huge security flaw

All FIDO2 security keys connect to websites - FIDO2: Moving the World Beyond Passwords using WebAuthn & CTAP

Its not a security flaw.