diff --git a/index.js b/index.js
index 3052c5e..6f53e32 100644
--- a/index.js
+++ b/index.js
@@ -116,7 +116,7 @@ hotp.verify = function(token, key, opt) {
 	// a correct code
 	for(var i = counter - window; i <=  counter + window; ++i) {
 		opt.counter = i;
-		if(this.gen(key, opt) === token) {
+		if((this.gen(key, opt) ^ token) === 0) {
 			// We have found a matching code, trigger callback
 			// and pass offset
 			return { delta: i - counter };