If you need to know how to fix Google Authenticator not working, the issue is usually one of a few predictable causes: time drift, a lost device, an app migration problem, or an account setup mismatch.
This guide explains how Google Authenticator works and the exact steps to restore your codes without making the problem worse.
Why Google Authenticator stops working
Google Authenticator is a time-based one-time password (TOTP) app used for two-factor authentication on services such as Google, Microsoft, Amazon, GitHub, Binance, and many banking platforms.
It generates short-lived verification codes locally on your phone, so if the app, device, or account record falls out of sync, the codes may be rejected.
The most common reasons include:
- Incorrect device time causing the one-time password to fail.
- App migration issues after changing phones or restoring a backup.
- Deleted or lost authenticator entries when the account was not exported correctly.
- Outdated app data or a corrupted installation.
- Account-side changes such as re-enrollment, revoked secrets, or changed security settings.
Check the phone’s time and time zone first
Time drift is one of the most frequent causes of failed codes.
TOTP apps depend on precise system time, and even a small mismatch can make valid codes appear incorrect.
On Android
- Open Settings.
- Tap Date and time.
- Enable Use network-provided time and Use network-provided time zone.
- Restart Google Authenticator and try again.
On iPhone
- Open Settings.
- Go to General and then Date & Time.
- Turn on Set Automatically.
- Open the app again and test the code.
If your device time is correct but codes still fail, check whether the service you are signing into has a clock issue of its own.
Some sites validate codes on the server side and may temporarily reject them during maintenance or sync problems.
Make sure you are using the right authenticator entry
Many users have multiple accounts in Google Authenticator, especially if they manage personal, work, and financial logins.
A code for the wrong account will always be rejected, even if it looks valid.
Review these points:
- Confirm the account label matches the service you are trying to sign in to.
- Check whether the service requires an email, username, or device-specific code.
- If you recently changed your password or security settings, verify that the authenticator entry was not reset and re-enrolled.
Some websites also support multiple authenticators for the same account.
If you added a new phone and kept the old one active, you may need to use the most recently enrolled secret on the current device.
Fix a broken migration or phone change
If Google Authenticator stopped working after moving to a new phone, the problem is often incomplete transfer rather than app failure.
Google Authenticator now supports cloud sync for some users, but older setups or manual transfers can still leave entries behind.
What to check after switching devices
- Confirm that you signed into the same Google account used for sync, if sync was enabled.
- Look for missing accounts in the new app compared with the old device.
- Verify that exported QR codes were fully imported during migration.
- Check whether the old phone was factory reset before all accounts were moved.
If the old phone is still available, use the built-in transfer feature or export codes again from the service’s security settings.
If the old phone is gone, you will likely need recovery codes, backup methods, or direct support from each service.
Clear app issues without losing access
When the app itself is buggy, simple maintenance can help.
Before deleting anything, understand whether your entries are synced to a Google account or stored only on the device.
Safe steps to try
- Update Google Authenticator from the App Store or Google Play.
- Restart the phone to clear temporary system glitches.
- Close and reopen the app.
- Check whether storage restrictions or battery optimization settings are limiting background behavior.
On Android, some manufacturers aggressively manage background apps.
While Google Authenticator does not need constant background access to generate codes, severe system restrictions can interfere with smooth syncing or account visibility.
If the app appears frozen or blank, updating it is often safer than reinstalling immediately.
Use backup methods to regain access
If you cannot get a valid code, do not keep guessing indefinitely.
Most services provide alternate recovery options that are safer and more reliable than repeated failed login attempts.
Common backup methods include:
- Recovery codes saved when two-factor authentication was first enabled.
- SMS verification if the account still allows it.
- Backup email or secondary confirmation prompt.
- Hardware security key such as a YubiKey or other FIDO2/WebAuthn device.
- Authenticator on another device if you enrolled multiple phones or tablets.
If you have recovery codes, use one immediately and then reconfigure two-factor authentication after regaining access.
Recovery codes are usually one-time use, so save new ones afterward.
What to do if you lost the only authenticator device
Losing the only device with Google Authenticator can lock you out of accounts if no backup was set up.
In that case, the fastest route is usually the account provider’s recovery process.
Expect the provider to ask for:
- Previous passwords
- Trusted devices or browser sessions
- Backup email access
- Phone number verification
- Identity verification for financial or enterprise accounts
For Google Accounts, use the official account recovery flow.
For Microsoft, GitHub, Amazon, or banking accounts, use their respective support or recovery pages.
Be prepared for waiting periods, especially if suspicious activity is detected.
Re-enroll the authenticator after access is restored
Once you regain access, reset two-factor authentication carefully so the new secret is stored correctly.
This is the best way to prevent the same issue from happening again.
Best practices for re-enrollment
- Generate fresh backup codes and store them offline.
- Register at least two authentication methods if the platform supports it.
- Keep a second trusted device when possible.
- Save QR codes or recovery information in a secure password manager.
- Test the new code before signing out of the old method.
If the service allows it, consider adding a hardware security key as a backup to an authenticator app.
Security keys are resistant to phishing and do not depend on phone storage or app sync.
When Google Authenticator is not working for a specific site
Sometimes the app is fine, but one website still rejects the code.
That usually means the site’s 2FA setup is misconfigured or outdated.
Check the following:
- The site is asking for the correct current code, not an old recovery token.
- You are entering the code before it expires.
- The account was not reset by an admin or security policy.
- You are not confusing authenticator codes with backup codes.
Enterprise platforms using identity providers such as Okta, Entra ID, Duo Security, or Ping Identity may also enforce policy changes that invalidate older enrollments.
In workplace environments, an administrator may need to reset your multifactor authentication record.
How to prevent Google Authenticator problems in the future
Once you have access again, build redundancy into your setup.
A single authenticator on one phone is convenient, but it is not the most resilient option.
- Use cloud sync if available and appropriate for your security policy.
- Store recovery codes in a password manager or secure offline location.
- Register a backup authenticator device if the platform allows it.
- Keep the phone’s time set automatically.
- Review 2FA settings after any device replacement or factory reset.
With the right backups, you can avoid the most common causes of lockout and recover quickly when a code fails.
The key is to verify time, confirm the correct account entry, and rely on recovery options before attempting risky resets.