How to fix the Invalid TOTP error on Zerodha Kite

From WebNotes, a public knowledge base. Reading time ~10 min. Level: Beginner.

The Invalid TOTP error on Zerodha Kite is a clock problem, not a wrong code: Kite rejects the TOTP when the clock on the device running your authenticator does not match network time, so set that phone to automatic or network-provided time and enter a fresh six-digit code. TOTP is time-based; a drift of even a minute makes the app compute the code for the wrong 30-second window, and Kite refuses it.

This is the single most common cause, and it is also the least obvious one, because the code on screen looks perfectly valid. It is valid, for a moment that has already passed or not yet arrived. The fix is to correct the clock on the device that generates the code, which is the phone holding Google Authenticator or Authy, not the computer you are logging in from.

This guide covers why the error happens, the exact per-device steps to enable automatic time on Android, iPhone, and Windows, the second cause (reusing an old setup key), and what to do if syncing the clock does not clear it.

Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes and is written independently. WebNotes operates a Zerodha account-opening referral programme, disclosed on the pages that carry the referral link; this guide does not carry it and earns no referral commission from the procedure described here.

Step-by-step procedure

The infobox above lists the steps. The detail below explains the cause, the exact settings path on each platform, and the fallbacks.

1. Confirm it is a clock problem

A TOTP is computed from two inputs: a secret shared once at enrolment, and the current time in 30-second steps. Your authenticator and Zerodha’s server both hold the secret, so if both also agree on the time, they compute the same code. When your phone’s clock drifts off network time, the app steps into a different 30-second slot from the server, and the codes no longer match. Kite returns Invalid TOTP. The code was never wrong; it was right for a window the server is not in.

Because the time input is what differs, fixing the clock fixes the error. You do not need to re-enrol or contact support for the common case. You correct the time and retry.

2. Set automatic time on Android

On the phone running the authenticator, open Settings, tap Date & time, and tap Network provided time. On some Android builds this control is labelled Automatic date & time, and on others it sits under a System or Additional settings sub-menu. Turn it on so the phone takes its clock from the cellular network rather than a manually set value. If you had set the time by hand, perhaps to dodge a different app, that is the drift; switching to network time removes it.

3. Set automatic time on iPhone

Open Settings, tap General, tap Date & Time, and toggle Set Automatically on. iOS then syncs the clock to network time. If the toggle was already on but the time still looks wrong, toggle it off and on again, and confirm the correct time zone is selected, since a wrong time zone can shift the clock by a whole number of hours even when the minutes are right.

4. Set automatic time on Windows

If your authenticator is a desktop app running on Windows, open Settings, click Time & Language, toggle Set the time automatically on, and then click Sync now to force an immediate resync. Windows clocks drift more than phones do, especially after a sleep or a dead CMOS battery on older hardware, so the explicit Sync now is worth doing rather than trusting the automatic poll.

5. Enter a fresh code promptly

After correcting the clock, open the authenticator, read the current six-digit Kite code, and enter it. Each code is valid for about 30 seconds. If the code on screen is near the end of its window, indicated by the countdown ring or bar most apps show, wait for it to roll to the next code and enter that, rather than submitting one that expires mid-request. Submitting a code in the last second or two is a frequent self-inflicted cause of a fresh Invalid TOTP after the clock is already correct.

6. If it still fails, re-enrol or escalate

If the clock is correct and a fresh code is still rejected, work through the secondary causes. First, confirm you are not using an authenticator entry built from an old QR or key: a fresh secret is minted on every enrolment attempt, so an entry created from a screenshot of an earlier QR generates codes the server will not accept. Delete that entry and re-enrol from a current QR. Second, if you are on an obscure or non-standard authenticator, switch to Google Authenticator or Microsoft Authenticator, which Zerodha names directly. Re-enrolment runs through the reset flow in How to recover a lost TOTP. If none of that clears it, the issue may be account-specific, and you raise a ticket via How to create a ticket at Zerodha.

Why the authenticator clock, not the login device

The clock that matters is the one on the device computing the code. That is the authenticator phone. The computer or phone you type the code into plays no part in computing it; it only forwards what you enter to Zerodha’s server. So a perfectly synced laptop will still see Invalid TOTP if the phone generating the code is an hour off.

This catches people who keep their authenticator on an old, retired phone that no longer has a SIM and so does not pull network time over cellular. Without a data connection, that phone can drift, and its codes start failing even though the phone you log in from is fine. Either give the authenticator phone a Wi-Fi connection so it can sync time, or move the authenticator to a phone that stays on the network. The dependence on the generating device’s clock is standard TOTP behaviour, not a Zerodha quirk.
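
The mechanism described above, shown as an added example (not part of the original guide and not Zerodha's code): a standard RFC 6238 TOTP with the usual defaults of HMAC-SHA1, 30-second steps and six digits, plus two diagnostic helpers that separate a clock problem from a stale-secret problem. The helper names, the `window` tolerance parameter and both secrets are assumptions made for illustration; the secret and timestamp are the RFC 6238 test values.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per window (RFC 6238 default, matches the page)
DIGITS = 6   # six-digit codes, as on the page


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code depends only on secret and time step."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F                                   # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def server_accepts(secret: bytes, code: str, server_time: int, window: int = 0) -> bool:
    """Check a code against the server's current step, plus/minus `window` steps.
    `window` is an assumption; the page does not state the server's tolerance."""
    return any(
        hmac.compare_digest(code, totp(secret, server_time + k * STEP))
        for k in range(-window, window + 1)
    )


def estimate_drift_steps(secret: bytes, code: str, true_time: int, max_steps: int = 130):
    """Find which nearby step produced `code`. Returns the offset in 30 s steps,
    or None when no step matches (points to a wrong secret, not a clock problem)."""
    for k in sorted(range(-max_steps, max_steps + 1), key=abs):
        if totp(secret, true_time + k * STEP) == code:
            return k
    return None


# Constructed inputs: the RFC 6238 test secret and timestamp, not real credentials.
SECRET = b"12345678901234567890"
OLD_SECRET = b"09876543210987654321"      # stands in for a key from an earlier QR
SERVER_TIME = 1111111109                  # last second of its 30 s window

if __name__ == "__main__":
    fast_phone = totp(SECRET, SERVER_TIME + 90)            # phone clock 90 s fast
    print("in sync :", server_accepts(SECRET, totp(SECRET, SERVER_TIME), SERVER_TIME))
    print("90s fast:", server_accepts(SECRET, fast_phone, SERVER_TIME),
          "drift steps =", estimate_drift_steps(SECRET, fast_phone, SERVER_TIME))
    # Code read in the last second of its window, submitted two seconds later.
    print("late    :", server_accepts(SECRET, totp(SECRET, SERVER_TIME), SERVER_TIME + 2))
    stale = totp(OLD_SECRET, SERVER_TIME)                  # correct clock, old key
    print("old key :", estimate_drift_steps(SECRET, stale, SERVER_TIME))
```

A non-zero drift means the generating device's clock is off by that many 30-second steps; `None` means no nearby time explains the code, which is the old-QR case from step 6.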

Time zone versus time, and manual offsets

Two settings can produce the same symptom. The time of day can be wrong by minutes through clock drift, which is the classic cause. The time zone can be wrong, which shifts the clock by whole hours while the minutes stay correct. Both make the computed 30-second window wrong, and both yield Invalid TOTP. Turning on automatic or network-provided time usually fixes the time zone as well as the time, because the network supplies both. If you set the time zone by hand for travel or for an app, set it back to automatic too, not just the clock.

A manual offset you set deliberately is the most overlooked cause. People who advance or retard their phone clock for any reason, a game, an alarm trick, a habit, break every TOTP on the device at once. There is no per-app exception; the authenticator reads the system clock. Automatic time is the only state in which TOTP reliably works.

How this connects to setup and recovery

The Invalid TOTP error shows up at two moments: when you first enable TOTP, and at a normal login afterwards. At setup, covered in How to set up TOTP on Zerodha, a clock drift makes the Enable step fail with Invalid TOTP even though you scanned the QR correctly; fix the clock and the same scan works. At login, the same drift rejects a code from an enrolment that worked fine yesterday, because the phone’s clock has since slipped. Either way the remedy is the clock, not the enrolment, so try automatic time before you reset anything. Reset only if the clock is provably correct and the code still fails, and then re-enrol through How to recover a lost TOTP.

Regulatory context

TOTP is one of the permitted second factors under the two-factor mandate that governs trading logins. NSE circular NSE/COMP/52623, dated 14 June 2022 and issued in consultation with SEBI, requires a second factor on every login to an internet-based trading or wireless-trading platform. The Invalid TOTP error is a failure of that second factor to verify, not a relaxation of it; you still cannot log in without producing a valid second factor. The framework sits inside SEBI’s cyber-security and cyber-resilience requirements for stock brokers (SEBI circular dated June 2022, reference 59581); see Zerodha cyber security.

References

  1. Zerodha support, Why does Kite show an Invalid TOTP error? (as of 20 June 2026).
  2. Zerodha support, How do I set up Time-based OTP (TOTP) to log in to Kite? (as of 20 June 2026).
  3. NSE circular NSE/COMP/52623, dated 14 June 2022, on two-factor authentication for internet-based trading and securities trading through wireless technology, issued in consultation with SEBI.
  4. SEBI, Modification in Cyber Security and Cyber Resilience framework of Stock Brokers and Depository Participants, circular dated June 2022 (reference 59581).

WebNotes Editorial Team prepares factual how-to guides based on publicly available regulatory documents and broker disclosures. WebNotes is not affiliated with Zerodha Broking Limited. Procedures and screen labels are subject to change; verify the current flow at support.zerodha.com before acting.

Frequently asked questions

Why does Zerodha show Invalid TOTP when the code looks correct?
Because TOTP is time-based. Kite shows Invalid TOTP when the clock on the device running your authenticator does not match network time. Even a small drift makes the app compute the code for the wrong 30-second window, so Kite rejects it.
Which device's clock has to be correct?
The device running the authenticator app, the phone that generates the code. The clock on the computer or phone you log in from does not affect the code. Set the authenticator phone to automatic or network-provided time.
How do I fix the time on Android?
Open Settings, tap Date & time, and tap Network provided time. On some devices this is labelled Automatic date & time. Once on, the phone syncs its clock to the network and the authenticator generates accepted codes.
I synced the time but it still fails. What now?
Check you are not reusing an old QR or key from an earlier enrolment, since a fresh secret is minted each attempt. Switch to Google Authenticator or Microsoft Authenticator, re-enrol with a fresh QR, and if it persists, raise a Zerodha ticket.
Does the code expire while I am typing it?
Yes. Each TOTP is valid for about 30 seconds and then rolls over to a new one. If the code is near the end of its window, wait for the next code and enter that, rather than submitting one that is about to expire.
Will fixing the clock change my holdings or settings?
No. Setting your device to automatic time is a device setting only. It does not touch your Zerodha account, holdings, funds, or any other Kite setting. It only lets the authenticator generate codes Kite accepts.

Reviewed and published by

The WebNotes Editorial Team covers Indian capital markets, payments infrastructure and retail investor procedures. Every article is fact-checked against primary sources, principally SEBI circulars and master directions, NPCI specifications and the official support documentation published by the intermediary in question. Drafts go through a second-pair-of-eyes review and a separate compliance read before publication, and revisions are tracked against the SEBI and NPCI rule changes referenced in the methodology section.

Conflicts of interest
WebNotes is independent. No relationship with any broker, registrar or bank named in this article.