diff --git a/homeassistant/auth/mfa_modules/totp.py b/homeassistant/auth/mfa_modules/totp.py
index 0914658a6557e6862b53d4a883b3346379c7ed6c..50cd9d334660b0d03af87a2aa77b97513c10820a 100644
--- a/homeassistant/auth/mfa_modules/totp.py
+++ b/homeassistant/auth/mfa_modules/totp.py
@@ -149,10 +149,10 @@ class TotpAuthModule(MultiFactorAuthModule):
         if ota_secret is None:
             # even we cannot find user, we still do verify
             # to make timing the same as if user was found.
-            pyotp.TOTP(DUMMY_SECRET).verify(code)
+            pyotp.TOTP(DUMMY_SECRET).verify(code, valid_window=1)
             return False
 
-        return bool(pyotp.TOTP(ota_secret).verify(code))
+        return bool(pyotp.TOTP(ota_secret).verify(code, valid_window=1))
 
 
 class TotpSetupFlow(SetupFlow):