[Defender] Two-factor authentication/2FA from cloned site is the same code

I have a boilerplate site I use as the basis for creating new websites, which I then clone. I've set it up with Defender, and enabled 2FA, but when I clone it to a new site, even if I disable 2FA for my admin user and re-enable it, the code is the same for both websites.

Is there a way to change the code somehow? What is it that's generating the same QR-code every time? The URL is different, but the username is the same. How can I get a new QR-code and OTP for this user?