Interzone
All FAQ articles
FAQ

Why 2FA Codes Change Every 30 Seconds: TOTP and One-Time Codes

A one-time code has a short lifetime so an intercepted 2FA code cannot be reused later.

Open 2FA generator All FAQ articles

How TOTP Uses Time

TOTP means time-based one-time password. The algorithm takes the secret token and the current time window, then calculates the code. When the window changes, the 2FA code changes too.

Most services use about a 30-second window. Some accept a neighboring window to tolerate minor clock drift.

Why a Code Can Fail

If device time and server time are too far apart, the code may look correct but still be rejected. Wrong tokens, extra characters, and expired codes can cause the same result.

What to Do

Check device time, wait for the next interval, and use the fresh code. If the problem remains, verify the Base32 token or set up 2FA again on the target service.

Why 30 Seconds Is Common

About 30 seconds is a balance between usability and security. The user has time to copy and enter the code, but an intercepted value becomes useless quickly.

If two authenticators show different codes, check whether the secret is the same, time is synchronized, and the current interval has not expired.

Need a code now?

Open the online 2FA generator and create the current TOTP/OTP code from a Base32 token.

Generate 2FA code online