Technical 2FA server time seems off

[WheelOfCheese]

It seems that software (Google Authenticator, etc.) 2FA codes are only accepted for the first 5-10 seconds that a new code is generated in my software authenticator (Authy on Android). This means that if I miss this window, I must wait about 20 seconds for my authenticator to generate a new code. Warmane is the only 2FA-supporting service I have this issue with.

Based on this, it seems likely that the system clock of the server verifying the 2FA codes is about 20 seconds ahead of UTC.

Edit: This makes it particularly hard to connect to Icecrown during the DDoS, as I can only get about 2 attempts per 30 seconds in, if I'm fast. I'm effectively locked out 2/3 of the time since valid 2FA codes are rejected.

[Sixtyninee]

I can confirm this. I even wrote an authenticator which uses NTP and the login server seems to be on a different time than me. But this happens at any given time since authentication was added to the server.

[sventus]

I am also having the same problem. Even after syncing, the codes generated aren't working. I've had to turn off in-game two factor to be able to log in the game. I hope they correct this because I would prefer in-game TFA to be enabled.

[HerrPez]

I will add to this that my experience have been the same. 5-10 second window, whereafter the 2FA code is invalid for the remaining duration of the cycle.
The retail server, as I recall, would accept the previous cycle code as well as the current cycle, making any sync issue less of a problem. Although, obviously, the server time should ideally align with the clients so as to avoid any problems in the first place.