Troubleshooting

2FA Codes Out of Sync: How to Fix Time Synchronisation Problems

2026-01-12 ยท 5 min read ยท Steven Adams ยท Last reviewed: March 2026

TOTP authenticator codes are generated using the current time. If your phone's clock drifts by more than 30 seconds, every code you generate will be rejected โ€” even if it looks right.

In This Guide

  1. Why Codes Go Out of Sync
  2. Fix on Android
  3. Fix on iPhone
  4. Fix in Google Authenticator
  5. Fix in Authy

Why TOTP Codes Go Out of Sync

Your authenticator app and the server both independently calculate the current 30-second time window. If your clock is off โ€” even by 31 seconds โ€” you'll be calculating a different window than the server, and your code will be wrong.

Common causes: airplane mode for extended periods, travelling across time zones, a faulty system clock, or a recently replaced phone battery.

Fix Time Sync on Android

  1. Open Settings
  2. Go to General management โ†’ Date and time
  3. Toggle Automatic date and time off, then back on
  4. Your phone will sync with network time servers

Fix Time Sync on iPhone

  1. Open Settings โ†’ General โ†’ Date & Time
  2. Enable Set Automatically
  3. If already enabled: disable it, wait 10 seconds, then re-enable it to force a re-sync

Sync Time in Google Authenticator

Google Authenticator has a built-in time correction feature for Android:

  1. Open Google Authenticator
  2. Tap the three-dot menu (โ‹ฎ) โ†’ Settings โ†’ Time correction for codes
  3. Tap Sync now

On iPhone, Google Authenticator uses the system clock โ€” fix the iOS clock as described above.

Sync Time in Authy

Authy automatically synchronises time with its servers. If you're seeing wrong codes in Authy, the issue is almost certainly your device's system clock โ€” fix it using the Android or iPhone steps above.

Quick test: Use 2faco.com to generate a code using the same secret key. If the code matches what your app shows but still fails, the issue is on the server side or in how you entered the key.

After Re-Syncing

Your codes should start working immediately after fixing the clock. If codes are still rejected, the service may require you to wait 5โ€“10 minutes for the fix to propagate.

Why TOTP Codes Are Time-Dependent

TOTP (Time-based One-Time Password) codes work by combining your secret key with the current time. Both your authenticator app and the server independently calculate the expected code for the current 30-second window. If your phone's clock shows a different time than the server's clock โ€” even by a minute or two โ€” the code your app generates will not match what the server expects, resulting in an "Invalid code" or "Incorrect code" error.

How to Fix Time Sync on iPhone

Go to Settings โ†’ General โ†’ Date & Time and make sure Set Automatically is toggled on. This keeps your iPhone synchronised with Apple's time servers. If it is already on and you are still having issues, toggle it off, wait a few seconds, then toggle it back on to force a re-sync.

How to Fix Time Sync on Android

Go to Settings โ†’ General Management โ†’ Date and Time (location varies by manufacturer). Make sure Automatic date and time is turned on. Some Android versions also show a Sync now button. For Samsung devices, it may be under Settings โ†’ General Management โ†’ Date and Time โ†’ Automatic date and time.

How to Fix Time Sync in Google Authenticator

Google Authenticator has a built-in time correction feature. On Android: tap the three-dot menu โ†’ Time correction for codes โ†’ Sync now. This corrects for any clock drift in the app itself, independent of your device's system clock. Note: this feature is available on Android; on iOS, rely on the system time setting.

The 30-Second Grace Window

Most servers accept not just the current 30-second window's code, but also the one from the immediately preceding window (the previous 30 seconds). This gives a 60-second total grace period to account for network latency and minor time differences. If your clock is off by more than about 30 seconds, even this grace period may not help โ€” use the time sync steps above.

Other Causes of TOTP Failures

Time drift is the most common cause, but not the only one. Other possibilities: you are entering the wrong code (check you are looking at the right account in your authenticator app); the code has just expired as you were typing (wait for the next code and enter it quickly); you have multiple entries for the same service and are using the wrong one (common after re-scanning a QR code without deleting the old entry); or the service has a stricter synchronisation requirement than standard. If syncing your clock does not fix the issue, try deleting the account from your app and re-scanning the QR code from the service's 2FA settings.

Related Articles

Troubleshooting

2FA Code Not Working? Here's the Fix

7 fixes for rejected 2FA codes.

Read โ†’
Troubleshooting

Why Is My 2FA Code Invalid?

Common reasons codes fail and how to fix them.

Read โ†’
Troubleshooting

Google Authenticator Not Working

Fix all common Google Authenticator issues.

Read โ†’
Education

What Is a Unix Timestamp?

Understand the time system behind TOTP.

Read โ†’

What "Out of Sync" Actually Means

When your 2FA codes are out of sync, it means the code your authenticator app generates does not match the code the server expects at the same moment. Since TOTP codes are calculated from two inputs โ€” your secret key and the current time โ€” an out-of-sync situation has only two possible causes: the secret key in your app is different from what the server has stored, or your device's clock is not accurately showing the correct time. Clock drift is by far the more common cause and the easier fix.

Fixing Clock Drift

TOTP uses the current Unix time (seconds since 1 January 1970 UTC) divided by 30 to determine which time window you are in. If your device clock is 60 seconds fast, you are generating codes for the next time window โ€” codes the server will not accept for another 60 seconds. If your clock is 60 seconds slow, you are generating codes for the previous window โ€” codes the server considers already expired. Most servers tolerate one window of drift (accepting codes from one window before and after the current one), but beyond that, codes fail.

To fix: on Android with Google Authenticator, open the app, tap the three-dot menu, select "Time correction for codes," and tap "Sync now" โ€” this adjusts the app's internal time offset without changing your system clock. On any device, go to Settings โ†’ Date & Time and ensure automatic time sync is enabled. If you are in a region with an unstable time server, consider manually setting your time against time.is or worldtimeserver.com and then enabling automatic sync.

Fixing a Mismatched Secret Key

If your clock is accurate but codes are still consistently rejected, the secret key in your app may not match what the server stored. This can happen if the QR code scan was interrupted, if the app experienced data corruption, or if you accidentally enrolled against a test or staging version of a service rather than production. The only fix is to disable 2FA on the account (using backup codes to log in), then re-enable it by scanning a fresh QR code โ€” generating a new secret key that both sides agree on.

Frequently Asked Questions

My codes were working yesterday but stopped today. What changed? Device clocks can drift over time, particularly if your phone was in airplane mode for an extended period or if automatic time sync was disabled. Re-enabling automatic time sync and syncing manually in Google Authenticator usually resolves this immediately.

I have the same account in two authenticator apps and one works but the other does not. Why? The app that works has an accurate clock or the correct secret key; the app that fails has either clock drift or a corrupted/incorrect secret key. Use the working app as your primary and delete the entry from the failing app, then re-add it.

Can 2FA codes be permanently out of sync? Yes โ€” if the secret key stored in your app does not match the server's, codes will never match regardless of clock accuracy. Disabling and re-enrolling 2FA (using backup codes to authenticate during the process) is the only resolution.