Why this extra step exists

If your account requires it, you'll be redirected to a one-time passcode (OTP) step right after signing in with your email and password. It's an extra layer of security on top of your password — proof that whoever is signing in also has access to the code delivery method on file, not just the password itself. Passwords can be guessed, reused across sites, or leaked in a breach elsewhere; a one-time code that expires and only reaches you directly is a meaningfully stronger check.

What you'll learn
  • How to enter your one-time code
  • How the resend cooldown works, and why clicking it early looks like nothing happened
  • What happens if you enter the wrong code too many times
This step is conditional Not every account is required to verify with a one-time code. Whether you see this step depends on your account's security settings — see <a href="/account-security/signing-in/">Signing In</a> for the full sign-in flow leading up to this point.

Entering your code

1

Find your code

Check for the one-time code sent to you.

2

Enter it

Type the code into the verification field.

3

Submit

Confirm to complete sign-in.

OTP verification screen
The OTP verification screen with the code entry field and the Resend code link below it.

The resend cooldown

The Resend code link exists for the ordinary case — the code took a minute to arrive, or you closed the message before reading it. But it's rate-limited on purpose: allowing unlimited instant resends would make it easier to abuse the delivery channel, so a short cooldown is enforced between each send.

The resend link has a 60-second cooldown After each time you send a code, the "Resend code" link is on a 60-second cooldown. Clicking it before the cooldown ends does nothing visible — no error message appears, no toast, nothing — it simply won't resend yet. Wait for the countdown to finish before trying again.

Too many invalid codes: what the lockout looks like

This is the one behavior on this page most worth reading before you hit it, because it can genuinely look like the app has crashed if you don't know it's coming.

Entering too many invalid codes triggers a lockout If you enter an incorrect code too many times, the form visibly stops responding for about 8 seconds — no spinner, no message, it just appears frozen — before automatically redirecting you back to the login page. This is expected security behavior, not a bug. The deliberate pause is there to slow down anyone trying to repeatedly guess a code, rather than letting attempts fire rapidly one after another. Simply sign in again afterward to request a fresh code.

If this happens to you, the important thing to know is that nothing is wrong with your account or your browser — waiting it out and signing in again is the entire recovery path.

Common questions

Was this article helpful?
Your feedback helps us improve our documentation.
Rate this article:

Related articles

Still have questions?
Our support team typically replies in under 4 minutes on live chat.
Start chat