authelia/docs/content/en/overview/authentication/one-time-password/index.md

44 lines
1.9 KiB
Markdown
Raw Normal View History

---
title: "One Time Password"
description: "Authelia utilizes one time passwords as one of it's second factor authentication methods."
lead: "Authelia utilizes one time passwords as one of it's second factor authentication methods."
2022-06-28 12:27:14 +07:00
date: 2022-06-15T17:51:47+10:00
draft: false
images: []
menu:
overview:
parent: "authentication"
weight: 230
toc: true
aliases:
- /docs/features/2fa/one-time-password.html
---
__Authelia__ supports time-based one-time password generated by apps like [Google Authenticator].
{{< figure src="2FA-TOTP.png" caption="An example of the time-based one time password authentication view" alt="Second Factor OTP Authentication View" width=300 >}}
After having successfully completed the first factor, select __One-Time Password method__
option and click on __Register device__ link. This will e-mail you to confirm your identity.
*NOTE: If you're testing __Authelia__, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/*
Once this validation step is completed, a QR Code gets displayed.
{{< figure src="REGISTER-TOTP.png" caption="An example of the time-based one time password registration view" alt="Second Factor OTP Registration View" width=400 >}}
You can then use [Google Authenticator] or an authenticator of your choice to scan the code in order to register your device.
{{< figure src="google-authenticator.png" caption="The Google Authenticator application" alt="Second Factor OTP Registration View" width=150 >}}
From now on, you get tokens generated every 30 seconds that
you can use to validate the second factor in __Authelia__.
## Limitations
Users currently can only enroll a single TOTP device in __Authelia__. This is standard practice, as a user can obviously
register a second device with the same QR Code. As there is no tangible benefit and it is harder to keep track of
multiple devices it's not a feature we will implement.
[Google Authenticator]: https://google-authenticator.com/