TwoFactorCodeMismatch consisntent issue

[KokoAlexiev]

Hello all,

Whenever I am generating 2fa codes via the cli tool and then using them, It could be the case that I get ERROR: TwoFactorCodeMismatch. This error doesnt happen frequently, but it does happen consistently (if I had to estimate, I get it around 2% of the time).

Could someone help me deal with this ? One possible cause I was able to find by looking at forums of other people with similar issue using SDA was a mismatch between the time of the 2fa generator and the 2fa user, however, I have ensured the system clock is the same for both generator and user.

Any insights would be greatly appreciated. If more info is needed to delve into what causes the problem I would be more than happy to provide it.

Apologies if this has been covered previously, but I myself couldn't find anything related

Thanks in advance.

[dyc3]

By default, we actually ping steam for the time, so it should be correct all the time. And I'm pretty sure Steam has some built in leeway so that you can use a previous code for a little bit after it technically should be invalid. I have no idea why that's happening.

[prenaissance]

Without any logs I can't be sure, but I suppose that you have the following issue:

Steam invalidates MFA codes after usage, to prevent replay attacks. This basically means that you can only log in with intervals of at least 30 seconds.

Can you reproduce this when waiting at least 30 seconds between log ins?