If your account requires it, you'll be redirected to a one-time passcode (OTP) step right after signing in with your email and password. It's an extra layer of security on top of your password — proof that whoever is signing in also has access to the code delivery method on file, not just the password itself. Passwords can be guessed, reused across sites, or leaked in a breach elsewhere; a one-time code that expires and only reaches you directly is a meaningfully stronger check.
What you'll learn
How to enter your one-time code
How the resend cooldown works, and why clicking it early looks like nothing happened
What happens if you enter the wrong code too many times
This step is conditional Not every account is required to verify with a one-time code. Whether you see this step depends on your account's security settings — see <a href="/account-security/signing-in/">Signing In</a> for the full sign-in flow leading up to this point.
Entering your code
1
Find your code
Check for the one-time code sent to you.
2
Enter it
Type the code into the verification field.
3
Submit
Confirm to complete sign-in.
The OTP verification screen with the code entry field and the Resend code link below it.
The resend cooldown
The Resend code link exists for the ordinary case — the code took a minute to arrive, or you closed the message before reading it. But it's rate-limited on purpose: allowing unlimited instant resends would make it easier to abuse the delivery channel, so a short cooldown is enforced between each send.
The resend link has a 60-second cooldown After each time you send a code, the "Resend code" link is on a 60-second cooldown. Clicking it before the cooldown ends does nothing visible — no error message appears, no toast, nothing — it simply won't resend yet. Wait for the countdown to finish before trying again.
Too many invalid codes: what the lockout looks like
This is the one behavior on this page most worth reading before you hit it, because it can genuinely look like the app has crashed if you don't know it's coming.
Entering too many invalid codes triggers a lockout If you enter an incorrect code too many times, the form visibly stops responding for about 8 seconds — no spinner, no message, it just appears frozen — before automatically redirecting you back to the login page. This is expected security behavior, not a bug. The deliberate pause is there to slow down anyone trying to repeatedly guess a code, rather than letting attempts fire rapidly one after another. Simply sign in again afterward to request a fresh code.
If this happens to you, the important thing to know is that nothing is wrong with your account or your browser — waiting it out and signing in again is the entire recovery path.
Common questions
Probably not — the resend link has a 60-second cooldown after each send. If you click it before the cooldown ends, nothing visibly happens and no error is shown. Wait for the countdown, then try again.
This happens after entering too many invalid codes. The form pauses for about 8 seconds with no visible feedback, and then redirects you to login as an expected security measure. Sign in again to get a new code.
It's an extra layer of security for accounts that require it, on top of your password — see <a href="/account-security/signing-in/">Signing In</a> for when this step is triggered.
The exact number isn't displayed to you on purpose — what matters practically is that entering several incorrect codes in a row will pause the form and send you back to login, at which point signing in again gets you a fresh code and a fresh set of attempts.