Why do tokens change constantly?

The Authy app provides Two-Factor Authentication as an extra level of security for your accounts. It generates something called a Time-based One-Time Passcode (TOTP) directly within the app. These are the codes of 6 numbers that you're seeing. Since they're one-time passcodes, they change every 20 or 30 seconds and can only be used once, to increase security, and make it a lot harder for bad actors to penetrate private accounts. Time-based One-time Passcodes are generated using a shared secret (a random string of characters) and the current time. The TOTP algorithm uses that shared secret to generate a 6-digit time-based code that expires every 30 seconds. This time is fixed by the algorithm, and cannot be manually changed. 

Illustrative Facebook and Twilio tokens (TOTP)

You don't need to do anything with these codes except when you're trying to log into your original account, where you’ll be able to enter them as a secure way of identifying yourself.

Have more questions? Submit a request