How to reset 2FA on Zerodha

From WebNotes, a public knowledge base. Reading time ~7 min. Level: Intermediate.

Zerodha requires two-factor authentication (2FA) for all Kite logins. The two options are:

  1. TOTP (Time-based One-Time Password): generated by an authenticator app on your phone (Google Authenticator, Authy, Microsoft Authenticator, or any RFC 6238-compliant app).
  2. SMS OTP: a 6-digit code sent to the mobile number registered with Zerodha.

A 2FA reset is needed when you lose access to your authenticator app (phone replaced, app deleted, app data lost) or when the TOTP codes generated by the app no longer match the expected codes (time-sync issue).

Conflict-of-interest disclosure. This guide is published by the WebNotes Editorial Team for informational purposes only. WebNotes has no commercial relationship with Zerodha, Google, or any authenticator app provider.

Prerequisites

  • Your Zerodha client ID and Kite password (the password itself must be known; if the password is also forgotten, complete password recovery first).
  • Access to the mobile number registered with Zerodha (for SMS OTP or for identity verification during support contact).

Step 1: Try the SMS OTP fallback on the Kite login screen

When you reach the Kite 2FA screen after entering your client ID and password, look for a secondary option such as:

  • “Use OTP instead”
  • “Get OTP on mobile”
  • “Receive SMS OTP”

Click or tap this option. Zerodha sends a 6-digit OTP to your registered mobile number. Enter the OTP to complete login.

Once logged in via SMS OTP, proceed to Step 3 to reconfigure your TOTP.

Step 2: If the TOTP is showing incorrect codes (time-sync issue)

TOTP codes are time-dependent: the authenticator app and Zerodha’s server must agree on the current UTC time. If your phone clock drifts by more than 30 seconds, the codes will appear incorrect.

Fix for Google Authenticator.

  1. Open Google Authenticator.
  2. Tap the three-dot menu (top right) > Settings > Time correction for codes > Sync now.
  3. This forces the app to sync with Google’s time servers.
  4. Try the code again on Kite.

Fix for Authy. Authy syncs time automatically. If codes are still wrong, ensure the device date and time are set to automatic in the phone’s system settings (not manually set).

Fix for any authenticator app. On the phone, go to Settings > General Management > Date and Time (Android) or Settings > General > Date & Time (iOS). Enable Set automatically. Restart the authenticator app and retry.
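
Why clock drift breaks the codes, as an added example (not code from Zerodha or from the original guide): an RFC 6238 TOTP generator plus a verifier that reports how many 30-second steps the phone clock is off. The secret is the RFC 6238 test key, and the tolerance window is an assumption for illustration, not Zerodha's documented server behaviour.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, the RFC 6238 default time step


def totp(secret_b32: str, unix_time: int, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 text secret at a given time."""
    # Text secrets are often shown in lower case with spaces; normalise and pad.
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", unix_time // STEP)  # 8-byte big-endian step count
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, code: str, server_time: int, window: int = 1):
    """Return the step offset at which `code` matches, or None if rejected.

    A non-zero offset means the client clock is roughly that many steps off.
    """
    for off in sorted(range(-window, window + 1), key=abs):
        candidate = totp(secret_b32, server_time + off * STEP)
        if hmac.compare_digest(candidate, code):  # constant-time comparison
            return off
    return None


# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
SERVER_NOW = 1_700_000_010  # constructed timestamp, exactly on a step boundary

if __name__ == "__main__":
    for drift in (0, 20, 45, 90):  # seconds the phone clock runs fast
        code = totp(SECRET, SERVER_NOW + drift)
        print(f"drift={drift:>2}s code={code} "
              f"strict={verify(SECRET, code, SERVER_NOW, window=0)} "
              f"tolerant={verify(SECRET, code, SERVER_NOW, window=1)}")
```

A strict verifier rejects the code as soon as the phone crosses into a different 30-second step; a tolerant one accepts the adjacent step but still rejects larger drift, which is why correcting the clock is the fix.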

Step 3: Reconfigure TOTP in Console

If you have successfully logged in (via SMS OTP or by fixing the time-sync issue) and want to reconfigure or change the TOTP secret key:

  1. Open Console at console.zerodha.com.
  2. Navigate to Account (left sidebar) > Security.
  3. In the 2FA or TOTP section, click Reset TOTP or Configure TOTP.
  4. Zerodha displays a new QR code.
  5. Open your authenticator app, tap Add account > Scan QR code, and scan the new QR code.
  6. The app generates a new set of TOTP codes tied to the new secret.
  7. Enter a code from the new setup to confirm and activate it.

After this step, the old TOTP secret (on any old device or app) is invalid. Only the new setup will generate valid codes.

Step 4: If you cannot log in at all (both TOTP and SMS OTP inaccessible)

This scenario arises when:

  • The phone with the authenticator app has been lost, damaged, or wiped.
  • The registered mobile SIM is lost or changed.
  • Both methods are simultaneously unavailable.

In this case, self-service reset is not possible. You must contact Zerodha support:

  1. Visit support.zerodha.com from any device.
  2. Raise a ticket under Account > 2FA / Login issues > Cannot log in, 2FA reset required.
  3. Provide:
    • Your Zerodha client ID.
    • Your PAN number.
    • Your date of birth.
    • The registered mobile number (even if you no longer have the SIM, providing the number on record helps Zerodha identify your account).
  4. Zerodha’s support team performs a manual identity verification. This may involve:
    • A video call or photo-ID verification.
    • A signed request sent to Zerodha’s registered office.
  5. Once identity is verified, Zerodha disables the existing TOTP configuration. You can then log in via SMS OTP (if a new SIM for the original number is available) or via a temporary access method arranged by support.
  6. After login, immediately reconfigure 2FA via Console (Step 3).

This process typically takes 1 to 3 business days.

Step 5: Switching between TOTP and SMS OTP

If you prefer to switch from TOTP to SMS OTP as the primary 2FA method (or vice versa):

  1. Log in to Console.
  2. Navigate to Account > Security > 2FA settings.
  3. Select the preferred method and follow the configuration steps.

Note: SEBI’s cybersecurity framework recommends TOTP as a more secure method compared to SMS OTP, because SMS can be susceptible to SIM-swap attacks. Zerodha recommends using an authenticator app for TOTP.

Best practices to prevent future 2FA loss

Back up your TOTP secret key. When setting up TOTP for the first time, Zerodha displays a QR code and usually also the underlying secret key as a text string. Write down or securely store the text secret key. This allows you to re-add the account to a new authenticator app without a full support reset.

Use Authy with multi-device backup. Unlike Google Authenticator (which does not natively support cloud backup), Authy stores encrypted TOTP secrets in the cloud and allows restoration to a new device. If you lose your phone, install Authy on a new device and restore from the backup.

Register a backup SIM. Ensure your Zerodha-registered mobile number remains active and in your possession. If you change your number, update it with Zerodha immediately (through Console > Account > Personal Details > Mobile Update) to avoid losing SMS OTP access.

What can go wrong

TOTP configured on old phone; phone is broken but SIM is accessible. Use the SMS OTP to log in (Step 1), then reconfigure TOTP on the new phone (Step 3).

Codes correct but Kite still rejects 2FA. This can be a server-side issue during high traffic. Wait 60 seconds and retry. If persistent, check Kite’s status page at status.zerodha.com.

Phone clock correct but authenticator app still showing wrong codes. Try removing and re-adding the Zerodha account in the authenticator app using the stored text secret key. If you do not have the secret key, proceed with the Zerodha support reset (Step 4).

Escalation path

  1. Zerodha support at support.zerodha.com.
  2. Zerodha helpline: +91-80-4040-2020.
  3. Zerodha grievance officer at zerodha.com/support/grievance if unresolved after 3 business days.

References

  1. SEBI, “Cybersecurity and Cyber Resilience Framework (CSCRF) for SEBI Regulated Entities,” SEBI Circular, 2024, sebi.gov.in.
  2. Zerodha Support, “How to set up and reset TOTP for Kite login,” support.zerodha.com.
  3. Zerodha Z-Connect Blog, “TOTP, the second factor of authentication on Kite,” zerodha.com/z-connect.
  4. RFC 6238, “TOTP: Time-Based One-Time Password Algorithm,” IETF, 2011.

Reviewed and published by

The WebNotes Editorial Team covers Indian capital markets, payments infrastructure and retail investor procedures. Every article is fact-checked against primary sources, principally SEBI circulars and master directions, NPCI specifications and the official support documentation published by the intermediary in question. Drafts go through a second-pair-of-eyes review and a separate compliance read before publication, and revisions are tracked against the SEBI and NPCI rule changes referenced in the methodology section.

Conflicts of interest
WebNotes is independent. No relationship with any broker, registrar or bank named in this article.