> For the complete documentation index, see [llms.txt](https://oten.gitbook.io/identity-support/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oten.gitbook.io/identity-support/user-guide/account-management/account-security/multi-factor-authentication-optional/mfa-authenticator-apps-totp.md).

# MFA-Authenticator apps (TOTP)

This section explains how to use **Authenticator Apps (TOTP)** as a Multi-Factor Authentication (MFA) method, including:

* How to set up an authenticator app
* How TOTP verification works during sign-in
* What happens after successful setup

> 📌 This guide covers **Time-based One-Time Password (TOTP)** authentication only.\
> Email-based MFA and o=passkeys are documented separately.

***

### I am new. Where should I start? <a href="#i-am-new.-where-should-i-start" id="i-am-new.-where-should-i-start"></a>

If you want **stronger security than email codes**, authenticator apps are recommended.

An authenticator app:

* Generates a **time-based one-time code** on your device
* Works even **without internet access**
* Is harder to compromise than email

Common authenticator apps:

* [Google Authenticator](https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2\&hl=en)
* [Microsoft Authenticator](https://play.google.com/store/apps/details?id=com.azure.authenticator\&hl=en)
* [Authy](https://www.authy.com/)
* [1Password (TOTP)](https://support.1password.com/one-time-passwords/?mac)

***

### Purpose <a href="#purpose" id="purpose"></a>

Authenticator-based MFA adds a second security factor by requiring a **temporary code generated on your personal device**, ensuring:

* Only users with physical access to the device can sign in
* Protection against phishing and email compromise
* Compliance with higher security requirements

***

### Prerequisites <a href="#prerequisites" id="prerequisites"></a>

Before setting up an authenticator app, make sure that:

* Your account is created and signed in
* **Multi-Factor Authentication (MFA)** is enabled
* You have installed an authenticator app on your mobile phone or tablet

&#x20;

***

### I already understand. How do I proceed step by step? <a href="#i-already-understand.-how-do-i-proceed-step-by-step" id="i-already-understand.-how-do-i-proceed-step-by-step"></a>

#### Step 1: Enable Multi-Factor Authentication <a href="#step-1-enable-multi-factor-authentication" id="step-1-enable-multi-factor-authentication"></a>

1. Go to **Account → Security**
2. Turn on **Multi-Factor Authentication**

![3.png](blob:https://silvertiger.atlassian.net/22d22481-de85-4ee3-b65a-a01e0f1f9be8#media-blob-url=true\&id=3a09c670-d9ac-41a7-81a8-1b3963ab1650\&collection=contentId-204145482\&contextId=204145482\&width=1811\&height=888\&alt=3.png)

&#x20;

> ⚠️ Email verification is enabled by default when MFA is turned on.\
> Authenticator App is an **additional** method you can add.

***

#### Step 2: Set Up Authenticator App <a href="#step-2-set-up-authenticator-app" id="step-2-set-up-authenticator-app"></a>

1. In **Security → Multi-Factor Authentication**
2. Select **Authenticator App**
3. Click **Set up authenticator app**
4. Turn on **Authenticator app**\ <br>

&#x20;

***

#### Step 3: Scan QR Code <a href="#step-3-scan-qr-code" id="step-3-scan-qr-code"></a>

1. Open your authenticator app on your device
2. Choose **Add account**
3. Scan the QR code shown on the screen\ <br>

   &#x20;

> If you cannot scan the QR code, you can manually enter the setup key.

***

#### Step 4: Verify Setup <a href="#step-4-verify-setup" id="step-4-verify-setup"></a>

1. Enter the **6-digit verification code** generated by the authenticator app
2. Click **Confirm**\ <br>

&#x20;

✅ Authenticator App MFA is now successfully enabled.

***

### Sign-In Flow with Authenticator App <a href="#sign-in-flow-with-authenticator-app" id="sign-in-flow-with-authenticator-app"></a>

Once Authenticator MFA is enabled:

1. Enter your **email and password**
2. Select **Authenticator App** as the verification method
3. Select **Authenticator** as the verification method.\ <br>

&#x20;

4. Open your authenticator app on your mobile phone or iPad.

If you have not installed an authenticator app, install one before continuing.

&#x20;

* Enter the verification code displayed in the app.\ <br>

&#x20;

* Sign-in completes automatically after successful verification.

***

### Security Notes <a href="#security-notes" id="security-notes"></a>

* TOTP codes refresh every **30 seconds**
* Codes are **single-use and time-limited**
* Authenticator apps work **offline**
* You can keep Email MFA enabled as a backup method
* You can remove or reset the authenticator app from **Security settings**

***

### Troubleshooting <a href="#troubleshooting" id="troubleshooting"></a>

**Lost your device?**

* Use Email verification (if enabled) to sign in
* Reset MFA from account security settings

**Code not working?**

* Ensure your device time is set automatically
* Wait for the next code refresh and try again

***

### Summary <a href="#summary" id="summary"></a>

| Item              | Description                               |
| ----------------- | ----------------------------------------- |
| MFA Method        | Authenticator App (TOTP)                  |
| Setup Required    | QR code or manual key                     |
| Used During       | Sign-in after password                    |
| Internet Required | No                                        |
| Security Level    | High                                      |
| Best For          | Users needing stronger account protection |
