BTC-TC and there vision of TIME ZONES

[dunchy]

Please help.

I've managed to lock two accounts on btctc due to wrong synchronization between the website and google authenticator on my phone. All other of my 2FA authenticated sites work absolutely flawlessly.

In both cases immediately after turning 2FA on, I logged out and was never able to log back in.

My phone's time zone: GMT+2 Belgrade. Really don't have any idea why the phone is listing Belgrade as +2 instead of +1, maybe because of some daylight savings, but as I said all other of my 2FA enabled web sites work with this and don't complain.

btc-tc's time zone in account settings: GMT+1 Belgrade. Now here is only +1 for Belgrade.

Any one has any idea how to try to fix this beside awaiting for eternity for them to reset my 2FA settings? And with one constraint: I'm not going to play with my phone's time zones, in fear of fucking up everything else.

[zwanzig20]

Please help.

I've managed to lock two accounts on btctc due to wrong synchronization between the website and google authenticator on my phone. All other of my 2FA authenticated sites work absolutely flawlessly.

In both cases immediately after turning 2FA on, I logged out and was never able to log back in.

My phone's time zone: GMT+2 Belgrade. Really don't have any idea why the phone is listing Belgrade as +2 instead of +1, maybe because of some daylight savings, but as I said all other of my 2FA enabled web sites work with this and don't complain.

btc-tc's time zone in account settings: GMT+1 Belgrade. Now here is only +1 for Belgrade.

Any one has any idea how to try to fix this beside awaiting for eternity for them to reset my 2FA settings? And with one constraint: I'm not going to play with my phone's time zones, in fear of fucking up everything else.

I am pretty sure Google authenticator doesn't block because of timezones. How are you so sure it is because of the timezone? You just use the code from GOOGLE as a two factor authentication.

[Foxpup]

btc-tc's time zone in account settings: GMT+1 Belgrade. Now here is only +1 for Belgrade.

Well, there's your problem. Your phone's timezone is correct. Belgrade is currently GMT+2, due to daylight saving time. I have no idea why BTC-TC thinks Belgrade is GMT+1, but that is definitely an error on their side.

[CIYAM]

Google authenticator uses unix time epoch (i.e. # of seconds since 1970-01-01 UTC) so timezone has absolutely nothing to do with it.

Either your device is not in sync with network time or their server isn't (if others aren't having this problem then most likely it is your device).

[dunchy]

But consider following:

1. In their section "Google Auth Help" (https://btct.co/gauthfaq) they are taking examples of correcting time zones.
2. In this wiki article about UTC (http://en.wikipedia.org/wiki/Coordinated_Universal_Time) small widget on the right titled "current time" shows exactly -2 hours compared to my local time.
3. After I locked my first account I did play with time zone settings on my phone at which point  2FA on all other of my 2FA enabled accounts stopped working until I changed it back.

What falls to my mind right now is: I did change BTCT's default time zone of GMT+0 London in my account setting to GMT+1 Belgrade before I scanned the QR code, but I haven't requested the issuance of a new QR code. Might this be the source of a problem?

Did anyone of you, who have 2FA enabled, actually change the BTCT's default time zone of GMT+0 to your local one before enabling google authentication?

[CIYAM]

If they are using some sort of time zone adjustment in regards to RFC 6238 (aka Google Authenticator) then they are doing it wrong.

Understand the part of the algo that deals with the current time is as follows:

Code:

uint64_t tm = time( 0 ) / freq;

where "freq" is 30 (for 30 seconds) and time( 0 ) has no tie to a time zone (it is *always* seconds since UTC epoch).

CIYAM Open uses Authenticator and the server is set to UTC time - I have tested using a Galaxy S3 set to China time (UTC +8.0) and it works perfectly as expected - so in short a correct implementation doesn't care about whatever time zone you are using.

Are you sure the time is correct (to within say 10 seconds) on your device?

A couple of suggestions I'd make for anyone implementing Authenticator would be:

1) don't enable its use at login *until* the server has verified you are able to give back a correct PIN

2) keep one previous value to help out with possible time variance (so you can test what the user provides against the current PIN and that of 30 seconds ago)

[dunchy]

Are you sure the time is correct (to within say 10 seconds) on your device?

How can I measure this? I just logged into bitfunder minutes ago with no problem. If I click on option: Google Authenticator(my phone app) / Settings / Time correction for codes / Sync now it just says: "...internal clock was not adjusted because it appears to already be in sync with Google servers"

[CIYAM]

If Authenticator is working with one website but not theirs then perhaps it is their clock that is out or something else has gone wrong.

I think only their support can help you further with this.

[Boukefalos]

You can check whether BTC-TC uses HOTP or TOTP (Google Authenticator supports both). HOTP is counter based, wheras TOTP uses time. If it turns out to use HOTP, you could try to use an alternative client to generate a HOTP with the counter set to an arbitrarily high number. Did you take a note of the secret key?

[b!z]

PM their support. Their time is probably out of sync.

[zwanzig20]

Did your issue get sorted? Let us know

[dunchy]

Did your issue get sorted? Let us know

You have to be logged in to be able to submit support request. In case of login problems you can only submit automated request for 2FA reset after 30 days period.

I am sure that changing default time zone in account settings created this mess.

Did you take a note of the secret key?

Yes I did. Here are my credentials (It's a clean account without any funds or assets):
user: whospumpin
pass: QSq0oyyTDEOJ

QR code for 2FA:



The only things I did were:

1. Register an account.
2. Logged in after email confirmation
3(!). Changed in account settings default time zone from GMT+0 to GMT+1
4. Activated 2FA by scanning the given QR code. I did not request the re-issuance of a new QR code, but used the one already there.
5. Logged out to check if everything is ok and was never able to log back in.

Now, If something is wrong from my side then somebody else will be able to login. Please tell me if you do.

If anyone using 2FA on BTCT and not living in GMT+0 time zone is reading this, please tell me did you change your account's default time zone on btct?