---
title: "One Time Password"
description: "Authelia utilizes one time passwords as one of it's second factor authentication methods."
lead: "Authelia utilizes one time passwords as one of it's second factor authentication methods."
date: 2022-06-15T17:51:47+10:00
draft: false
images: []
menu:
  overview:
    parent: "authentication"
weight: 230
toc: true
aliases:
  - /docs/features/2fa/one-time-password.html
---

__Authelia__ supports time-based one-time password generated by apps like [Google Authenticator].

{{< figure src="2FA-TOTP.png" caption="An example of the time-based one time password authentication view" alt="Second Factor OTP Authentication View" width=300 >}}

After having successfully completed the first factor, select __One-Time Password method__
option and click on __Register device__ link. This will e-mail you to confirm your identity.

*NOTE: If you're testing __Authelia__, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/*

Once this validation step is completed, a QR Code gets displayed.

{{< figure src="REGISTER-TOTP.png" caption="An example of the time-based one time password registration view" alt="Second Factor OTP Registration View" width=400 >}}

You can then use [Google Authenticator] or an authenticator of your choice to scan the code in order to register your device.

{{< figure src="google-authenticator.png" caption="The Google Authenticator application" alt="Second Factor OTP Registration View" width=150 >}}

From now on, you get tokens generated every 30 seconds that
you can use to validate the second factor in __Authelia__.

## Limitations

Users currently can only enroll a single TOTP device in __Authelia__. This is standard practice, as a user can obviously
register a second device with the same QR Code. As there is no tangible benefit and it is harder to keep track of
multiple devices it's not a feature we will implement.

[Google Authenticator]: https://google-authenticator.com/