Setting up 2FA via Google Authenticator → Invalid second factor authentication token entered. (Code: 1026)

I’m trying to set up 2FA on my account via Google Authenticator.

Using QR code scan from screen, everything goes smooth until Cloudflare refuses to accept my verification code.

Here’s what I get:


(backup code is different each time)

but the code is correct.

Make sure the time on your phone is correct and that you chose the right mode, which should be time-based IIRC.

1 Like

The time is correct, I’m concluding this from that I’m using this authenticator for different accounts on different servers (as seen on screenshot, and that’s not all – it’s just scrolled to bottom), and it wouldn’t work otherwise.
Also, I sync the clock via NTP to be sure (yes, on the phone).

you chose the right mode, which should be time-based

Where is this “mode” can be chosen? In Cloudflare, I’m just clicking this


and it shows me QR code screen, no other questions asked.

In the application itself. If the mode matches and the time is correct I’d expect it work, otherwise it might be an issue with Cloudflare, but only their support could shed some light here. :man_shrugging:

1 Like

okay, I found where the mode is chosen. But choice is only available when adding by manually inserting the code instead of scanning QR, and it’s time-based by default.

In that case I’d contact support.

1 Like

Sorry for the necro, but just had the same issue. Wanted to tell others that might find this a fix that worked for me; Go to “Settings” in your Google Authenticator, tab “Time correction for codes” and tab “Sync now”. After that it worked again like magic for me. :slight_smile: