TLDR: Your computer's clock should always be in sync !
A few days ago, I was playing with one of my VPS when it suddenly received a load spike which rendered it unresponsive.
To restart the whole server, I had to connect to my cloud provider. Unfortunately, I encountered a TOTP validation error during the login process. I use Keepass to manage all my passwords and TOTPs. I rarely have any issue but this time, the TOTP was not working.
Being in a rush, I quickly grabbed a recovery code, tried to disable the 2FA auth and restarted my server.
Of course, I forgot to investigate the real problem and let the issue persist.
A few days later (today), I tried to connect to my cloud provider and ran into the same issue. This time I tried other services where I had set up 2FA with TOTP and to my surprise they were are all failing.
My guess at this point was that there was an issue with Keepass or with the new year. Looking a little more into it, I red a comment explaining the differences between OTP and TOTP. TOTP is based on time and the T indicates this Time dependency. Suddenly it clicked, my computer's time is wrong !
It's 3 minutes into the future.
Strangely, fedora kinoite timedatectl reports that the NTP service is inactive and the system clock is not synchronised.
$ timedatectl
System clock synchronized: no
NTP service: inactive
After enabling the ntp service with:
$ sudo timedatectl set-ntp on
My computer's time was updated and was in sync with clocks around the world. TOTP Works !