---
layout: default
title: Time-based One-Time Password
nav_order: 1
parent: Second Factor
grand_parent: Features
---

# Time-based One-Time Password

**Authelia** supports Time-base one-time password generated by apps like [Google Authenticator].

<p align="center">
  <img src="../../images/2FA-TOTP.png" width="300">
  <img src="../../images/google-authenticator.png" width="150" class="no-border" style="margin-left: 50px">
</p>


After having successfully completed the first factor, select **One-Time Password method**
option and click on **Not registered yet?** link. This will e-mail you to confirm your identity.

*NOTE: If you're testing **Authelia**, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/*

Once this validation step is completed, a QR Code gets displayed.

<p align="center">
  <img src="../../images/REGISTER-TOTP.png" width="400">
</p>

You can then use [Google Authenticator] to scan the code in order to register your device.

From now on, you get tokens generated every 30 seconds that
you can use to validate the second factor in **Authelia**.


## Limitations

Users currently can only enroll a single TOTP device in **Authelia**.
Multiple single type device enrollment will be available when [this issue](https://github.com/authelia/authelia/issues/275) has been resolved.

[Google Authenticator]: https://google-authenticator.com/