
The 6-digit Google authentication code refreshes every 30 seconds. This time constraint generates most of the blocks encountered by users, whether during a phone change, device loss, or simply confusion between the different types of Google codes. Understanding where this code is generated, how it circulates, and what alternatives exist helps avoid being locked out of accounts.
TOTP code, SMS code, and Google backup codes: three distinct mechanisms
The most common confusion concerns the very nature of the code requested. Google uses several types of codes in its two-step verification system, and each works differently.
Further reading : How to Access Online Payment and Easily Manage Your Tenant Account
| Type of code | Source | Validity period | Requires internet |
|---|---|---|---|
| TOTP Code (Google Authenticator) | App on the phone | 30 seconds | No |
| SMS Code | Sent by Google to the registered number | Several minutes | Mobile network required |
| Backup Codes | Generated once in the account settings | One-time use, no expiration | No |
The 6-digit code that most blocked users refer to is the TOTP code generated by Google Authenticator. It is not sent via SMS, it is not stored on Google’s servers (unless cloud synchronization is enabled), and it cannot be retrieved by calling customer service.
To find the 6-digit Google authentication code, you must first identify which of these three mechanisms has been configured on the relevant account. Verification is done in the security settings of the Google account, under the “Two-step verification” section.
Further reading : Complete guide to using EpsilonScan and easily tracking your favorite webtoons

Google Authenticator cloud synchronization: what has changed since 2023
Since April 2023, Google Authenticator allows for encrypted backup and synchronization of 2FA codes in the cloud via the Google account. This update fundamentally changed how to retrieve codes after a phone change or loss.
Before this date, TOTP codes were stored only locally on the device. Losing your phone meant losing all your codes, unless you had kept the original QR codes or backup codes. Today, if synchronization is enabled, you simply need to reinstall Google Authenticator on a new device and log in with the same Google account to retrieve all your codes.
Check if synchronization is active
Open Google Authenticator on your phone. If a cloud icon appears at the top of the screen with your Gmail address, synchronization is working. If you see a crossed-out cloud or no address, your codes are only saved locally.
To enable synchronization, tap your profile picture in the app, then select “Use without an account” or log in. This feature requires version 6.0 or later on Android, and version 4.0 or later on iOS.
Transferring Authenticator codes to a new phone
When you change phones and cloud synchronization is not enabled, manual transfer remains the only option. Google Authenticator includes an export function that generates a QR code to scan from the new device.
- On the old phone, open Google Authenticator, tap the menu (three dots), then “Transfer accounts” and “Export accounts”
- Select the accounts to transfer, and a QR code will appear on the screen
- On the new phone, install Google Authenticator, choose “Transfer accounts” then “Import accounts,” and scan the QR code displayed on the old device
This procedure, documented notably by Splashtop, ensures that the same 6-digit codes appear on both devices. Both phones remain functional as long as you do not delete the accounts from the old one.

Alternatives to Google Authenticator for generating 2FA codes
Google Authenticator is not the only tool capable of producing 6-digit TOTP codes. Several categories of alternatives exist, each with its own trade-offs.
Password managers with integrated 2FA
Managers like Dashlane now integrate a 2FA code generator directly into the vault. The advantage: codes and passwords are centralized in one tool, accessible from multiple devices. The risk: if the vault is compromised, the attacker gains access to both authentication factors simultaneously.
Browser extensions
Chrome extensions like “Authenticator” generate TOTP codes directly in the browser, refreshing automatically every 30 seconds. This solution helps users who do not have access to their phone, but it reduces security by removing the separation between the browsing device and the authentication device.
Total loss of access: remaining recourses
If the old phone is inaccessible and cloud synchronization was not enabled, the options are significantly reduced.
- Google backup codes (generated in advance in the account security settings) allow you to log in without a TOTP code, at a rate of one code per login
- SMS validation, if configured as a secondary method, can serve as a fallback solution
- The Google account recovery procedure, accessible from the login page, requires answering identity verification questions
None of these methods restore the Authenticator codes themselves. They provide access to the Google account, after which you must reconfigure two-step verification from scratch for each associated service.
The best protection against this scenario remains preventive: enable cloud synchronization in Google Authenticator and keep backup codes in a location physically separate from the phone. A simple piece of paper stored with administrative documents is sufficient.