npm 2FA/OTP Issue: Unable to Retrieve One-Time Password

[Alexzjt]

Select Topic Area

Question

Body

Hello,

I have enabled Two-Factor Authentication (2FA) on my npm account. However, when I try to run npm publish, I am prompted to "Enter one-time password", but I am unable to figure out where to retrieve this OTP.

I suspect this might be because I haven't successfully linked my npm account with an authenticator app (like those on my Android phone). I have attempted to bind my npm account using both Microsoft Authenticator and Google Authenticator by following the standard QR code scanning process.

The problem is that after the scanning process appears to complete normally, neither Microsoft Authenticator nor Google Authenticator displays a working six-digit verification code or any related account information. The binding seems to fail silently.

My questions are:

Given that I have 2FA enabled, is there any alternative way to retrieve the One-Time Password (OTP) besides using an authenticator app?

How exactly can I successfully bind my npm account with Microsoft Authenticator or Google Authenticator? I have tried multiple times without success.

Is it possible that the current npm 2FA setup process is unintuitive or that there is a bug in the QR code binding flow?

Any guidance or assistance on how to resolve this 2FA binding issue would be greatly appreciated.

Thank you.

[ynacastillo]

npm does NOT provide OTP via email or SMS.
If 2FA is enabled, the ONLY valid source of the OTP is a TOTP authenticator app (or recovery codes).

If no 6-digit code appears in your authenticator app, then 2FA was NOT successfully bound, even if the QR scan “looked” successful.

[Alexzjt]

While you're not wrong, that doesn't really address the practical issue at hand.

[ASomerN]

I'm in the same position - I'm unable to add NPM on any of these authenticator apps.