2FAApp Local-first security tools
Use tools

Diagnose why a valid-looking code is rejected.

2FA Code Not Working

Troubleshoot invalid 2FA codes by checking time drift, account labels, algorithm settings, and recovery options.

Most TOTP failures come from time drift, selecting the wrong account entry, expired windows, or a platform-side reset.
TOTP parameters can vary. Algorithm, digit count, and period should match the platform's setup value.
If the code keeps failing, stop guessing and switch to official recovery before lockout controls escalate.

Check time and account label first

TOTP is calculated from a shared secret and the current time step. Make sure the phone clock is set automatically, the time zone is correct, and the authenticator entry matches the account and issuer you are trying to access.

Confirm setup parameters

Most consumer setups use 6 digits and a 30-second period, but RFC 6238 allows different algorithms and parameters. If you manually entered a key, re-check the issuer, secret, algorithm, digits, and period shown by the platform.

Use recovery when retries stop helping

If a platform has regenerated the secret, disabled the method, or locked the account after repeated failures, the old app code will not start working again. Move to backup codes, a second factor, or the official recovery form.

Recovery actions

  • Turn on automatic date and time on the device that generates the code.
  • Wait for the next code window and enter the fresh code immediately.
  • Verify that the authenticator entry belongs to the same platform and account email.
  • If you changed 2FA recently, remove stale authenticator entries after the new one is confirmed.

Important limits

  • Repeated guesses can trigger rate limits or account locks.
  • A valid-looking code from the wrong account entry will always fail.
  • Never send screenshots of QR codes or manual setup keys to support.

Related pages

2FA Time Drift Checker Check whether device time drift may be causing valid authenticator codes to fail. What Is a 2FA Code? Understand 6-digit and 8-digit 2FA codes, why they expire, and why a correct code can still fail.

Related questions

Why is my 2FA code not working? Most failures come from device clock drift, selecting the wrong account entry, using an expired code, or a platform-side reset. Start with time sync, then check the account label and recovery options.