If your company has two-factor authentication enabled, you enter a 6-digit verification code sent via SMS each time you sign in (unless you've trusted your device). This article covers all common 2FA issues and how to resolve them.

First-time 2FA setup

If you haven't registered a phone number for 2FA yet, you'll be prompted to do so the next time you sign in. Enter your mobile phone number that can receive SMS messages. Once registered, verification codes will be sent to that number.

"Invalid 6 digit code provided"

Possible causes and solutions:

• Typo or extra spaces in the code: Re-enter the code carefully without any spaces.
• Code has expired: Verification codes are valid for 30 minutes from when they were sent. If more time has passed, request a new code.
• Entered an older code: If you requested or received multiple codes, only the most recent one is valid. Check your messages for the latest code.
• Looking at the wrong text message: Make sure you're reading the code from the most recent SMS from Govenda, not an older message from a previous sign-in attempt.

"Authentication Code resent after too many wrong entries"

After 5 consecutive incorrect code entries, the system automatically:

1. Invalidates the current code.
2. Sends a new code to your registered phone number.

This is a security feature, not a bug. Check your text messages for the newest code and enter it.

I'm not receiving the SMS verification code

• Cellular reception: SMS requires cellular service. WiFi alone won't receive text messages. Make sure you have signal.
• Wait a moment: Carrier delays of 1–2 minutes are normal, especially during peak times.
• Correct phone number: Ask your administrator to verify that the correct phone number is registered for your account.
• Text message sent to spam: The text message may have been marked as spam. Check your texts spam folder for the code.
• Carrier blocking: Some mobile carriers block automated or short-code SMS messages. If this is the case, ask your administrator to generate a one-time bypass code for you.
• Phone number changed: If you changed your phone number, contact your administrator to update it in the system.

Why am I being asked for a verification code again?

When you successfully enter a 2FA code, you can choose to "Trust this device" so you won't need to enter a code on future sign-ins from that browser. However, the trust is stored in your browser's local storage, so you'll be asked for a code again if:

• You cleared your browser cookies, cache, or local storage
• You're using incognito or private browsing mode
• You switched to a different browser (e.g., from Chrome to Edge)
• You're on a different device (e.g., a new computer or phone)
• The trust period configured by your company has expired
• Your administrator revoked your trusted devices
• Your browser automatically cleared data on exit (some privacy settings do this)

For administrators

Generating a bypass code for a user

If a user can't receive their SMS code and needs to sign in urgently:

1. Go to the admin portal.
2. Navigate to the user's profile.
3. Click the 3 dots menu in the upper right corner
4. Use the option to generate a one-time 2FA bypass code.
5. Share the code with the user. They can enter it when logging in instead of the SMS code.

Note: If the user hasn't registered a phone number yet, this will return "not registered." The user needs to complete phone registration first by signing in normally and completing the 2FA enrollment when prompted.

2FA not being enforced even though the setting is on

Two-factor authentication must be enabled in your Govenda company settings for it to be enforced.

If 2FA is enabled but members are not being prompted for a code, check whether Trusted Devices is also enabled. If Trusted Devices is set to Never Expires, members may only be asked for 2FA once on a trusted device. After they trust that device, they will not be prompted for 2FA again unless the trusted device is removed, the setting is changed, or they sign in from a new device or browser.