Common Causes
TOTP depends on two things: the secret key and time. An error appears when the Base32 token is incomplete, includes spaces, belongs to another account, or was replaced after 2FA was configured again.
Time is the other common issue. The code is short-lived, so a value copied near the end of an interval may expire before it is submitted. If the device clock drifts far from the server, even a fresh-looking code can fail.
How to Check the Token
Copy the secret without spaces, quotes, or line breaks. Confirm that it is the Base32 token or otpauth link, not the one-time code itself. If the secret came from a QR code, make sure that QR code belongs to the right service and account.
Then wait for a new code and submit it immediately. If you use an online authenticator, refresh the page or confirm that the countdown timer is working.
When to Reset 2FA
If the error repeats, disable the old setup and enable 2FA again on the target service. Save the new recovery codes and remove old secrets from documentation.
Avoid guessing or repeatedly submitting old values. Some services temporarily block sign-in attempts after multiple failures.