troubleshooting

TOTP Code Not Working? How to Fix Common Issues

5 min read

Your code is right, but the site says it’s wrong

You open your authenticator app, read the 6-digit code, type it carefully, and… “Invalid code.” You try again with the next code. Same thing. You start wondering if you set something up wrong, or if the service is broken.

This happens more often than you’d think, and there’s almost always a simple explanation.

The most common cause: your clock is off

TOTP codes are calculated from two things: a secret key and the current time. Your phone and the server both need to agree on what time it is. If your phone’s clock is even 30 seconds off, you’ll generate a code for the wrong time window, and the server will reject it.

This is by far the most frequent reason for TOTP codes not working.

How to fix it:

  • On Android: Go to Settings > System > Date & time, and turn on “Set time automatically.” If it’s already on, toggle it off and back on. Some phones drift over time even with auto-sync enabled.
  • On iPhone: Go to Settings > General > Date & Time and make sure “Set Automatically” is on. If it already is and codes still fail, toggle it off, wait a few seconds, and turn it back on.
  • Google Authenticator has a built-in time sync: go to Settings > Time correction for codes > Sync now. This adjusts the app’s internal offset without changing your phone’s system clock.

If you’re traveling and manually set your phone to a different timezone, that shouldn’t affect TOTP (the algorithm uses UTC), but some poorly configured devices can get confused. Stick with automatic time.

You’re typing the code too slowly

TOTP codes are valid for 30 seconds. If you read the code from your app, switch to the browser, find the input field, and type it in, you might cross the boundary into the next time window. The code you typed is now the previous code.

Most servers accept codes from the adjacent time windows (one before, one after) to account for this. But if you’re right at the edge, you can still get rejected.

How to fix it: Wait for a fresh code to appear in your authenticator app, then type it immediately. Don’t start typing a code that has 5 seconds left on the countdown.

You scanned the wrong QR code or entered the wrong secret

If the code has never worked since you set it up, you probably stored the wrong secret key. This can happen if:

  • You scanned a QR code from a different account
  • You manually typed the secret key and made a typo
  • The setup process got interrupted and the key wasn’t saved correctly

How to fix it: Go to the service’s security settings, disable 2FA (you might need backup codes for this), and set it up again from scratch. Scan the QR code carefully, and verify by entering a code before closing the setup page.

You’re looking at the wrong account

If you have several accounts on the same service (a personal and a work Gmail, for instance), your authenticator app has entries for both. It’s easy to read the code from the wrong one, especially if the labels are similar.

How to fix it: Check the label on the TOTP entry in your app. Most authenticator apps show the email address or username associated with each entry. Make sure you’re reading the code for the account you’re actually logging into.

The server’s clock is wrong (rare, but it happens)

Sometimes it’s not your fault. If a service’s server has clock drift, it’ll reject valid codes from everyone. This is uncommon with big providers but can happen with smaller services, self-hosted applications, or corporate internal tools.

How to verify: Try your code on 2fa.zip. Enter the same secret key and see if the code it generates matches your authenticator app. If they match, the problem is on the server side, not yours. You’ll need to contact the service’s support team.

The secret key format is wrong

TOTP secrets are base32-encoded strings (using letters A-Z and digits 2-7). If you manually entered a secret and included characters outside this range, or if the service gave you a key in a different format, the generated codes will be wrong.

How to fix it: Double-check the secret key. Remove any spaces or dashes (those are just for readability). Make sure there are no ambiguous characters (0 vs O, 1 vs l). If in doubt, delete the entry and scan the QR code instead of typing the key manually.

Quick checklist

If your TOTP code isn’t working, run through this:

  1. Is your phone’s time set to automatic? (Fixes 80% of issues)
  2. Did you wait for a fresh code before typing?
  3. Are you reading the code for the correct account?
  4. Has the code ever worked, or did it fail from the start?
  5. Can you verify your code against 2fa.zip?

If you’ve gone through all of these and the code still doesn’t work, the issue is likely on the service’s end. Check their status page or contact support.

For step-by-step guides on setting up 2FA correctly from the start, see our guides for Discord and GitHub.

Secure your accounts with two-factor authentication

Generate TOTP codes instantly, right in your browser.

Try our free 2FA Code Generator

Related Posts

How to Recover 2FA Codes When You Lose Your Phone

Lost your phone and locked out of your accounts? Here's how to recover access when your authenticator app is gone.

Read more