Troubleshooting

2FA Code Not Working? 7 Fixes to Try Right Now

2026-01-10 ยท 6 min read ยท Steven Adams ยท Last reviewed: March 2026

You enter your 2FA code and get "Invalid verification code" โ€” even though it looks correct. This is one of the most frustrating 2FA problems, and almost always has a simple fix.

In This Guide

  1. Fix 1: Sync Your Device Clock
  2. Fix 2: Wait for the Next Code
  3. Fix 3: Enter the Code Manually
  4. Fix 4: Check You're Using the Right Account
  5. Fix 5: Remove Spaces
  6. Fix 6: Reconfigure the Authenticator
  7. Fix 7: Use a Backup Code

Fix 1: Sync Your Device Clock (Most Common Fix)

TOTP codes are time-based. If your phone's clock is even 30โ€“60 seconds out of sync, every code you generate will be invalid.

Android: Settings โ†’ General management โ†’ Date and time โ†’ enable Automatic date and time

iPhone: Settings โ†’ General โ†’ Date & Time โ†’ enable Set Automatically

This fixes 90% of invalid code problems. Always check this first.

Fix 2: Wait for the Next Code

TOTP codes expire every 30 seconds. If you enter a code in the final second of its cycle, the server may reject it as too old. Simply wait for the next code and enter it immediately.

Fix 3: Type the Code Manually

Auto-fill or copy-paste can sometimes introduce hidden characters or spaces. Type the 6-digit code manually, digit by digit.

If you have multiple accounts in your authenticator app, it's easy to accidentally use the code for the wrong one. Verify the issuer name and account label match the service you're logging into.

Fix 5: Remove All Spaces

Some services require the code as 6 continuous digits (e.g. 123456), while others accept it with a space (e.g. 123 456). If one format fails, try the other.

Fix 6: Reconfigure the Authenticator

If codes are consistently wrong despite a synced clock, the secret key may have been set up incorrectly. Go to the service's security settings, disable 2FA, and re-enable it scanning a fresh QR code.

Fix 7: Use a Backup Code

If you still cannot log in, use one of your saved backup codes. Most services provide 8โ€“10 backup codes when you first enable 2FA. After using a backup code, consider reconfiguring your authenticator.

Understanding TOTP Time Sensitivity

Time-based one-time passwords (TOTP) depend critically on the synchronization between your device's clock and the server's clock. The TOTP algorithm divides time into 30-second intervals. Both your authenticator app and the server calculate which interval you are in, and both generate the same code for that interval. If your device's clock is off by even 30 seconds, you will be generating codes for the wrong time window.

Most servers implement a tolerance window that accepts codes from the immediately preceding and following intervals (effectively a 90-second window). However, if your clock drift exceeds this tolerance, every code you generate will be rejected.

Platform-Specific Time Sync Instructions

Android

  1. Open Settings โ†’ System โ†’ Date & Time
  2. Enable "Use network-provided time" and "Use network-provided time zone"
  3. In Google Authenticator: tap โ‹ฎ โ†’ Settings โ†’ Time correction for codes โ†’ Sync now
  4. Restart your phone

iPhone

  1. Open Settings โ†’ General โ†’ Date & Time
  2. Enable "Set Automatically"
  3. If already enabled, toggle it off, wait 10 seconds, then toggle it back on
  4. Restart your iPhone

Advanced Troubleshooting

Multiple Authenticator Apps

If you have installed more than one authenticator app (e.g., Google Authenticator, Authy, and Microsoft Authenticator), ensure you are checking the correct app. It is possible you registered the account in a different app than the one you are currently checking.

VPN and Location Issues

Some services enforce geographic restrictions. If you are using a VPN that makes it appear you are logging in from an unusual location, the service may reject valid 2FA codes as a security precaution. Try disabling your VPN temporarily.

Browser Cache and Cookies

Stale session data in your browser can sometimes interfere with 2FA verification. Try clearing your browser cache or using an incognito/private browsing window.

Verify Your TOTP Setup

You can verify that your secret key generates correct codes using our browser-based 2FA code generator. This runs entirely in your browser with no data sent to any server, making it safe to test your setup.

Prevention Checklist

  • Keep automatic time enabled on all devices
  • Save backup codes for every service in a secure password manager
  • Label entries clearly in your authenticator app to avoid confusion
  • Scan QR codes instead of manually typing secret keys
  • Register multiple 2FA methods where supported
  • Periodically verify your setup by logging out and logging back in

Still Locked Out?

If none of these fixes work, contact the service's support team. You will typically need to verify your identity using your account email, recovery phone number, or government ID.

Related Articles

Troubleshooting

2FA Codes Out of Sync โ€” How to Fix

Fix time-sync issues with TOTP codes.

Read โ†’
Troubleshooting

Lost Your Phone? Here's What to Do

Recover account access after losing your authenticator.

Read โ†’
Troubleshooting

2FA Backup Codes Explained

What backup codes are and how to use them.

Read โ†’

The Most Common Causes

A 2FA code that is not being accepted is almost always one of four things: clock drift (your device's time is out of sync), entering the code too slowly (it expired before submission), using the wrong account's code (you have multiple entries in your authenticator app and selected the wrong one), or a one-time setup error where the secret key in your app does not match what the server has stored. Working through these in order will resolve the vast majority of cases without needing to contact support.

Fix 1: Sync Your Device Clock

TOTP codes are calculated from the current time. If your device clock is off by even 60 seconds, you will generate codes that the server considers invalid because they are from the wrong time window. On Android with Google Authenticator: tap the three-dot menu โ†’ Time correction for codes โ†’ Sync now. On any device: go to Settings โ†’ Date & Time and enable automatic time synchronisation. Ensure your time zone is also set correctly. On iPhone: Settings โ†’ General โ†’ Date & Time โ†’ Set Automatically must be enabled.

Fix 2: Check You Are Using the Right Entry

If you have multiple accounts in your authenticator app, it is easy to accidentally use the code for a different account โ€” especially if multiple entries have similar names. Carefully check the account name label in your authenticator app matches the service you are logging into. Some services appear multiple times if you enrolled 2FA more than once (for example, after a device switch). If in doubt, try the code from each entry that matches the service name.

Fix 3: Re-Enroll If the Secret Key Is Corrupted

If clock sync is correct and you are using the right entry but codes consistently fail, the secret key stored in your authenticator app may not match what the server has. This can happen from an interrupted setup process or a data corruption event. The fix is to disable 2FA on the account (using backup codes to log in) and re-enroll by scanning a fresh QR code. This generates a new secret key that both your app and the server agree on. Verify with two consecutive code windows before considering the issue resolved.

Frequently Asked Questions

Why did my 2FA code work once and then stop? Each TOTP code can only be used once โ€” the server marks it as used to prevent replay attacks. If you see a "code already used" error, it means the code was submitted successfully on a previous attempt (possibly a duplicate request from a slow connection) or someone else used it first. Wait 30 seconds for a fresh code.

My code works on one device but not another. Why? If the same account's code works in one authenticator app but not another, the app that fails has a corrupted or incorrect secret key. Delete the entry from the failing app and re-add it by scanning the QR code again from the service's 2FA settings (you will need to disable and re-enable 2FA to get a new QR code).

I entered the correct code but the site says it is wrong. Is there a bug? Before concluding it is a site bug, verify: your device clock is accurate to within 30 seconds of UTC, you are using the code for the correct account in your authenticator app, and you are submitting the code before it expires. If all three are confirmed and codes still fail, try a different browser, clear cookies, and try again. If still failing, contact the service's support โ€” there may be a server-side issue with your account's 2FA configuration.