The server that authenticates 2FA tokens is apparently running about 20-25 seconds slow (the clock). The active token is only accepted during the last few seconds it is valid (as indicated in the authenticator app) and for many seconds more after the token value has changed. This indicates that the server performing the authentication has a slow clock (as its idea of what the token should be lags what is actually current).
Can someone please check into this and make sure the system time is correct? Eventually, 2FA will stop working for people because there will never be agreement between the authenticator app on one’s phone and the 2FA server on Anet’s side.