How TOTP Uses Time
TOTP means time-based one-time password. The algorithm takes the secret token and the current time window, then calculates the code. When the window changes, the 2FA code changes too.
Most services use about a 30-second window. Some accept a neighboring window to tolerate minor clock drift.
Why a Code Can Fail
If device time and server time are too far apart, the code may look correct but still be rejected. Wrong tokens, extra characters, and expired codes can cause the same result.
What to Do
Check device time, wait for the next interval, and use the fresh code. If the problem remains, verify the Base32 token or set up 2FA again on the target service.
Why 30 Seconds Is Common
About 30 seconds is a balance between usability and security. The user has time to copy and enter the code, but an intercepted value becomes useless quickly.
If two authenticators show different codes, check whether the secret is the same, time is synchronized, and the current interval has not expired.