Your hosts time seems to be correct / within margin
- Next create a QR code and let the user scan it:
...or display the secret to the user for manual entry: VIVU XA2D HVTE EXSF QPHM HGF5 SXCY GGTF
- Next, have the user verify the code; at this time the code displayed by a 2FA-app would be: 984220 (but that changes periodically)
- When the code checks out, 2FA can be / is enabled; store (encrypted?) secret with user and have the user verify a code each time a new session is started.
- When aforementioned code (984220) was entered, the result would be: OK