How does a hardware token synchronize with the current system clock?
The "GO" tokens (GO 6, GO 7, e.g.) have a built-in internal clock which is compared to the Defender Security Server (DSS) when an authentication occurs. When the token is first used the individual token time is stored in Active Directory and used for future authentications.
The "GO" token is an event and time based token, so it is not a simple case of providing a time window where the token will/will not work. It is based on a combination of factors.
Please refer to How to troubleshoot Defender 'GO' token issues for issues with GO token functionality.