2FAApp Local-first security tools
Use tools

Explain the visible code users enter during login.

What Is a 2FA Code?

Understand 6-digit and 8-digit 2FA codes, why they expire, and why a correct code can still fail.

A 2FA code is the short value you type during login, but the secret behind it is what matters.
Different platforms use different digit counts, windows, and sometimes different code types.
A correct code can fail if it belongs to the wrong account, the wrong issuer, or an expired time window.

Why the visible code changes

The code is derived from a secret and a moving counter or time window. That means the visible code expires quickly and is not useful outside the intended window.

Why correct codes fail

A correct-looking code can still fail if it was generated for a different account entry, if the phone clock is off, or if the platform changed the secret after a reset.

How to use codes safely

Treat codes as transient proof, not as a reusable credential. If you need to share something with support, share only non-secret metadata and follow the platform's recovery flow.

Action items

  • Check the issuer and account label before entering a code.
  • Use a fresh code from the current time window.
  • If the code still fails, move to a recovery path instead of brute forcing.

Cautions

  • A code shown in a screenshot can already be expired.
  • Never type a real 2FA code into an untrusted site or chat.

Related pages

2FA Code Not Working Troubleshoot invalid 2FA codes by checking time drift, account labels, algorithm settings, and recovery options. 2FA Time Drift Checker Check whether device time drift may be causing valid authenticator codes to fail.

Related questions

Why is my 2FA code not working? Most failures come from device clock drift, selecting the wrong account entry, using an expired code, or a platform-side reset. Start with time sync, then check the account label and recovery options.