authelia/docs/content/en/overview/authentication/one-time-password/index.md

---
title: "One Time Password"
description: "Authelia utilizes one time passwords as one of it's second factor authentication methods."
lead: "Authelia utilizes one time passwords as one of it's second factor authentication methods."
date: 2022-06-15T17:51:47+10:00
draft: false
images: []
menu:
  overview:
    parent: "authentication"
weight: 230
toc: true
aliases:
  - /docs/features/2fa/one-time-password.html
---

__Authelia__ supports time-based one-time password generated by apps like [Google Authenticator].

{{< figure src="2FA-TOTP.png" caption="An example of the time-based one time password authentication view" alt="Second Factor OTP Authentication View" width=300 >}}

After having successfully completed the first factor, select __One-Time Password method__
option and click on __Register device__ link. This will e-mail you to confirm your identity.

*NOTE: If you're testing __Authelia__, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/*

Once this validation step is completed, a QR Code gets displayed.

{{< figure src="REGISTER-TOTP.png" caption="An example of the time-based one time password registration view" alt="Second Factor OTP Registration View" width=400 >}}

You can then use [Google Authenticator] or an authenticator of your choice to scan the code in order to register your device.

{{< figure src="google-authenticator.png" caption="The Google Authenticator application" alt="Second Factor OTP Registration View" width=150 >}}

From now on, you get tokens generated every 30 seconds that
you can use to validate the second factor in __Authelia__.

## Limitations

Users currently can only enroll a single TOTP device in __Authelia__. This is standard practice, as a user can obviously
register a second device with the same QR Code. As there is no tangible benefit and it is harder to keep track of
multiple devices it's not a feature we will implement.

[Google Authenticator]: https://google-authenticator.com/
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`---`
			`title: "One Time Password"`
			`description: "Authelia utilizes one time passwords as one of it's second factor authentication methods."`
			`lead: "Authelia utilizes one time passwords as one of it's second factor authentication methods."`
docs: update dates (#3615) 2022-06-28 05:27:14 +00:00			`date: 2022-06-15T17:51:47+10:00`
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`draft: false`
			`images: []`
			`menu:`
			`overview:`
			`parent: "authentication"`
			`weight: 230`
			`toc: true`
			`aliases:`
			`- /docs/features/2fa/one-time-password.html`
			`---`

			`__Authelia__ supports time-based one-time password generated by apps like [Google Authenticator].`

			`{{< figure src="2FA-TOTP.png" caption="An example of the time-based one time password authentication view" alt="Second Factor OTP Authentication View" width=300 >}}`

			`After having successfully completed the first factor, select __One-Time Password method__`
			`option and click on __Register device__ link. This will e-mail you to confirm your identity.`

			`NOTE: If you're testing __Authelia__, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/`

			`Once this validation step is completed, a QR Code gets displayed.`

			`{{< figure src="REGISTER-TOTP.png" caption="An example of the time-based one time password registration view" alt="Second Factor OTP Registration View" width=400 >}}`

			`You can then use [Google Authenticator] or an authenticator of your choice to scan the code in order to register your device.`

			`{{< figure src="google-authenticator.png" caption="The Google Authenticator application" alt="Second Factor OTP Registration View" width=150 >}}`

			`From now on, you get tokens generated every 30 seconds that`
			`you can use to validate the second factor in __Authelia__.`

			`## Limitations`

			`Users currently can only enroll a single TOTP device in __Authelia__. This is standard practice, as a user can obviously`
			`register a second device with the same QR Code. As there is no tangible benefit and it is harder to keep track of`
			`multiple devices it's not a feature we will implement.`

			`[Google Authenticator]: https://google-authenticator.com/`