I tried logging into Kagi on a laptop which had been sleeping for two months and it kept rejecting my app-generated 2FA code. I was mystified because the codes worked fine on my desktop.
Then I noticed the system clock on the laptop was two minutes behind the desktop's because Windows apparently doesn't immediately do an NTP sync on wake and the laptop's RTC had drifted during the two month nap.
The codes worked after forcing an NTP sync.
Add an error message when 2FA fails telling users to check their clocks, or better yet warn them if their clocks are not in sync with the Kagi server's.
