SUPPORT.TWILIO.COM END OF LIFE NOTICE: This site,, is scheduled to go End of Life on February 27, 2024. All Twilio Support content has been migrated to, where you can continue to find helpful Support articles, API docs, and Twilio blog content, and escalate your issues to our Support team. We encourage you to update your bookmarks and begin using the new site today for all your Twilio Support needs.

Why do tokens change constantly?

The Authy app provides Two-Factor Authentication as an extra level of security for your accounts. It generates something called a Time-based One-Time Passcode (TOTP) directly within the app. These are the codes of 6 numbers that you're seeing. Since they're one-time passcodes, they change every 20 or 30 seconds and can only be used once, to increase security, and make it a lot harder for bad actors to penetrate private accounts. Time-based One-time Passcodes are generated using a shared secret (a random string of characters) and the current time. The TOTP algorithm uses that shared secret to generate a 6-digit time-based code that expires every 30 seconds. This time is fixed by the algorithm, and cannot be manually changed. 

Illustrative Facebook and Twilio tokens (TOTP)

You don't need to do anything with these codes except when you're trying to log into your original account, where you’ll be able to enter them as a secure way of identifying yourself.

Have more questions? Submit a request
Powered by Zendesk