diff --git a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
--- a/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
+++ b/src/applications/auth/factor/PhabricatorTOTPAuthFactor.php
@@ -185,7 +185,7 @@
 
 
   public static function generateNewTOTPKey() {
-    return strtoupper(Filesystem::readRandomCharacters(16));
+    return strtoupper(Filesystem::readRandomCharacters(32));
   }
 
   public static function verifyTOTPCode(