Why does clock drift even matter?

Because **dozens of protocols assume** everyone has a clock roughly equal to reality. **TOTP** (Google Authenticator) generates a code based on the current 30 s window - a 60 s drift means the code is stale. **TLS certificates** have validity dates - drift a week into the future and you see "not yet valid". **Kerberos** drops tickets at more than 5 minutes of skew. **Databases** resolve write conflicts by timestamp - a wrong clock means lost writes.

Milliseconds vs seconds - what is normal?

A healthy NTP client keeps offset **below 50 ms** on the public internet, often **below 10 ms** in a datacenter. Above 100 ms something is suspect (heavy UDP filter, overloaded server, bad startup). **Above 1 second** any modern system leaves a note in the syslog. **Above 30 s** TOTP breaks. **Above 5 minutes** Kerberos gives up. An unsynced motherboard clock drifts by **several seconds a week**.

What are stratum levels in NTP?

**Stratum** is the distance from an **authoritative time source**. **Stratum 0** = an atomic clock or GPS receiver itself (does not answer over the network). **Stratum 1** = a server connected directly to a stratum 0 (e.g. **time.cloudflare.com**, **time.google.com**, most servers in **pool.ntp.org**). **Stratum 2** = a server querying a stratum 1. Each hop adds uncertainty - **stratum 16** means "unsynchronized". In production you want stratum 1 to 3.

How is pool.ntp.org different from time.cloudflare.com / time.google.com / time.windows.com?

**pool.ntp.org** is a **distributed pool of thousands of volunteers** - DNS round-robin returns a different IP each time. Upside: huge geographic redundancy. Downside: server quality changes between queries. **time.cloudflare.com** and **time.google.com** are **stratum 1** anycast services backed by GPS, with the fastest RTT and the most stable offset. **time.windows.com** is the Microsoft server Windows uses by default - usually stratum 2 or 3, fine, but slower than Cloudflare or Google.

How does Windows sync time?

The **W32Time** service (Windows Time). By default it queries **time.windows.com** at boot and once every **7 days** (yes, really). That is far too rare for TOTP and certificates. You can improve it: in PowerShell run `w32tm /config /manualpeerlist:"time.cloudflare.com,time.google.com,pool.ntp.org" /syncfromflags:manual /update`, then `Restart-Service W32Time`, finally `w32tm /resync /force`. Check state with `w32tm /query /status`.

How does macOS sync time?

The **timed** daemon, which queries the server set in System Settings -> Date and Time (default **time.apple.com**, stratum 2). macOS does this **automatically and often** - you should not see drift bigger than **20 ms**. Force a manual sync with `sudo sntp -sS time.apple.com` (Big Sur and later) or `sudo systemsetup -setnetworktimeserver time.cloudflare.com` to change the server.

How does Linux sync time?

Two common options. **systemd-timesyncd** (default on Ubuntu desktop, a simple SNTP client): config in **/etc/systemd/timesyncd.conf**, status with `timedatectl status`. **chrony** (default on RHEL / Fedora / most servers): config **/etc/chrony.conf**, status with `chronyc tracking` and `chronyc sources -v`. Chrony is **more accurate** and handles laptops that suspend (resyncs on wake). For production servers, use chrony.

When does drift become genuinely dangerous?

Thresholds we see in real outages: **30 s** = TOTP / Google Authenticator stops working, **2 min** = OAuth flows with JWT timestamps reject tokens, **5 min** = Kerberos / Active Directory boots every user, **24 h** = Lets Encrypt certs look not-yet-valid or expired, **30 days** = older certificates expire mid page load. Plus subtle: databases with timestamp-based conflict resolution **silently lose writes** at a few hundred ms of drift.

How do I fix drift - quick per-OS recipe?

**Windows** (admin PowerShell): `w32tm /resync /force`. If it stays off, change the server with the command from the FAQ above. **macOS**: `sudo sntp -sS time.cloudflare.com` instantly resets the clock, the system then keeps it. **Linux with chrony**: `sudo chronyc -a makestep` forces an immediate step (instead of a slow slew). **Linux with timesyncd**: `sudo systemctl restart systemd-timesyncd`. **Docker / containers**: the container inherits the host clock - fix the host, not the container. **VM**: vmtools or cloud-init usually sync with the hypervisor - check `timedatectl` to confirm NTP is active.

Exact atomic time online - free

Exact time online

A big clock displays the current reference time computed from four public NTP servers. Below it you see whether your computer is in sync - if it is not, by how many milliseconds.

Auto-refresh every 10 sTurn off to stop polling the servers.

What we do with the data

Our server queries the NTP servers on your behalf and returns the results. We do not log IPs, we do not store queries, and we never send your computer's time anywhere. Limit of 60 queries per hour per IP.

What an NTP drift check is

An NTP drift check measures the difference between your computer's clock, our server's clock, and four public NTP servers. Our server sends a small UDP packet to each one on port 123, reads back the timestamps, and computes the offset (how many milliseconds your clock is off) and the round-trip delay.

You get a single view with your machine's time, our server's time, the NTP reference time, and a bar chart of drift per server. Nothing to install, no admin rights, just refresh the page.

How to use it

Open the tool. Within seconds you see three big numbers: your computer time, our server time, and the NTP reference time (median across the four servers).

Below them you get two readings: your computer vs NTP and our server vs NTP. A positive value means your clock is slower than NTP. Negative means faster.

On the right you get a bar chart of drift per server (pool.ntp.org, time.cloudflare.com, time.google.com, time.windows.com). Useful to confirm the servers agree with each other.

Toggle auto-refresh every 10 seconds with the switch at the top. Off means one-shot measurement, same as pressing "Refresh".

If a server reports error: timeout, it did not reply in 3 seconds. Often a UDP filter on the path. The other three servers still give you a useful picture.

The stratum column shows how close to the source that server is. 1 = atomic clock or GPS, 2 = a server querying a stratum 1, and so on. Lower numbers have more authority.

When this is useful

Six situations where clock drift actually hurts:

TOTP / 2FA fails ("invalid code" even with the right secret) because a phone or server clock drifted by 30+ seconds. You can see immediately whether the problem is on your side.
TLS certificates marked invalid or "not yet valid" because the server clock is minutes off in either direction and everything breaks.
Log correlation across microservices - if each node has a different drift, events in Grafana and Loki line up in the wrong order and debugging turns into guesswork.
Kerberos / Active Directory rejects tickets when the gap between client and domain controller is over 5 minutes (the default clock skew tolerance).
Multi-master databases (Cassandra, ScyllaDB, CockroachDB) use timestamps to resolve write conflicts - a wrong clock means last-write-wins on the wrong write.
Smart contracts and blockchain RPCs often validate that block.timestamp is reasonable versus now. A wrong clock on your node = rejected transactions.

Questions and answers

Network Time Protocol is a 1985 protocol (RFC 5905) that lets computers sync their clocks over the network with millisecond accuracy on a LAN and a few tens of ms over the internet. The client sends a small UDP packet to an NTP server, the server replies with timestamps, the client computes offset and delay. Your whole operating system runs an NTP client in the background - on Windows it is W32Time, on Linux usually chrony or systemd-timesyncd, on macOS timed.

What an NTP drift check is

You get a single view with your machine's time, our server's time, the NTP reference time, and a bar chart of drift per server. Nothing to install, no admin rights, just refresh the page.

How to use it

Open the tool. Within seconds you see three big numbers: your computer time, our server time, and the NTP reference time (median across the four servers).

Below them you get two readings: your computer vs NTP and our server vs NTP. A positive value means your clock is slower than NTP. Negative means faster.

On the right you get a bar chart of drift per server (pool.ntp.org, time.cloudflare.com, time.google.com, time.windows.com). Useful to confirm the servers agree with each other.

Toggle auto-refresh every 10 seconds with the switch at the top. Off means one-shot measurement, same as pressing "Refresh".

If a server reports error: timeout, it did not reply in 3 seconds. Often a UDP filter on the path. The other three servers still give you a useful picture.

The stratum column shows how close to the source that server is. 1 = atomic clock or GPS, 2 = a server querying a stratum 1, and so on. Lower numbers have more authority.

When this is useful

Six situations where clock drift actually hurts:

TOTP / 2FA fails ("invalid code" even with the right secret) because a phone or server clock drifted by 30+ seconds. You can see immediately whether the problem is on your side.
TLS certificates marked invalid or "not yet valid" because the server clock is minutes off in either direction and everything breaks.
Log correlation across microservices - if each node has a different drift, events in Grafana and Loki line up in the wrong order and debugging turns into guesswork.
Kerberos / Active Directory rejects tickets when the gap between client and domain controller is over 5 minutes (the default clock skew tolerance).
Multi-master databases (Cassandra, ScyllaDB, CockroachDB) use timestamps to resolve write conflicts - a wrong clock means last-write-wins on the wrong write.
Smart contracts and blockchain RPCs often validate that block.timestamp is reasonable versus now. A wrong clock on your node = rejected transactions.

Questions and answers

Exact atomic time online

What an NTP drift check is

How to use it

When this is useful

Questions and answers

Related tools

World clock

Timezone converter

Unix timestamp converter

DNS Lookup

Exact atomic time online

What an NTP drift check is

How to use it

When this is useful

Questions and answers

Related tools

World clock

Timezone converter

Unix timestamp converter

DNS Lookup