summaryrefslogtreecommitdiff
path: root/docs/content/overview/authentication/one-time-password/index.md
blob: 5c05aa7893190e8a39878f096213b9d00e79caf3 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

---
title: "One Time Password"
description: "Authelia utilizes Time-based One-Time Passwords as one of it's second factor authentication methods."
summary: "Authelia utilizes Time-based One-Time Passwords as one of it's second factor authentication methods."
date: 2022-06-15T17:51:47+10:00
draft: false
images: []
weight: 230
toc: true
aliases:
  - /docs/features/2fa/one-time-password.html
seo:
  title: "" # custom title (optional)
  description: "" # custom description (recommended)
  canonical: "" # custom canonical URL (optional)
  noindex: false # false (default) or true
---

__Authelia__ supports Time-based One-Time Passwords generated by apps like [Google Authenticator].

{{< figure src="2FA-TOTP.png" caption="An example of the Time-based One-Time Password authentication view" alt="Second Factor OTP Authentication View" width=300 >}}

After having successfully completed the first factor, select __One-Time Password method__
option and click on __Register device__ link. This will e-mail you to confirm your identity.

*NOTE: If you're testing __Authelia__, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/*

Once this validation step is completed, a QR Code gets displayed.

{{< figure src="REGISTER-TOTP.png" caption="An example of the Time-based One-Time Password registration view" alt="Second Factor OTP Registration View" width=400 >}}

You can then use [Google Authenticator] or an authenticator of your choice to scan the code in order to register your device.

{{< figure src="google-authenticator.png" caption="The Google Authenticator application" alt="Second Factor OTP Registration View" width=150 >}}

From now on, you get tokens generated every 30 seconds that
you can use to validate the second factor in __Authelia__.

## Limitations

Users currently can only enroll a single TOTP device in __Authelia__. This is standard practice, as a user can obviously
register a second device with the same QR Code. As there is no tangible benefit and it is harder to keep track of
multiple devices it's not a feature we will implement.

[Google Authenticator]: https://google-authenticator.com/