GitLab two-factor authentication (2FA) TOTP interval

GitLab 2FA uses TOTP, a time-based protocol. The server and your phone app both calculate a 'current code' based on the time. You prove who you are to the server by showing that you know the current code.

To make this system usable, the server allows you to be off a bit in your calculation of the current code. So if you submit the previous code not too long after the current code changed, it is still OK.

If the clocks of your phone app and the server are too far apart, the server will never believe you that you know the current code.

The default 'time step' interval (the time a code is current) is 30 seconds. https://tools.ietf.org/html/rfc6238#section-5.2

This time must be set at the time your phone and the server shake hands, otherwise your phone app does not know how fast it should generate new codes.

Admin message

Admin message

GitLab two-factor authentication (2FA) TOTP interval