That may have been the 'second code' referred to as a typo by the article, but was perhaps the standard 2fa token that came in after the original password change token? Nice catch.