TIL that for 2FA the RFC 6238 recommends allowing for a time drift of at least ±1 time step (typically 30 seconds) on either side of the current time.

While I can’t get all that time back spent sitting there waiting for the token to roll over, sure as hell happy to learn this now. 😂