About TOTP Authenticator
A Time-based One-Time Password (TOTP) authenticator generates temporary, time-sensitive passcodes for user authentication. It is commonly used as a factor in multi-factor authentication (MFA).
Userfront allows TOTP configuration via pre-built UI components or documented API endpoints.
Userfront also generates a set of single-use backup codes that end users can use temporarily if they lose access to their TOTP Authenticator device.
TOTP Authenticator Requirements
When pairing TOTP with a new device, an end user is shown a QR code to scan with their authenticator app and then prompted to enter a six-digit code from the authenticator app to confirm the pairing.
Once TOTP is paired, subsequent logins will prompt the user for a new six-digit TOTP code to continue.
Userfront implements the TOTP RFC 6238 specification and is compatible with the following authenticator apps:
- Google Authenticator
- Microsoft Authenticator
- Authy
- Aegis Authenticator
- Duo Mobile
Backup codes
By default, Userfront also generates a set of backup codes unique to each end user.
When a user first pairs their device using their TOTP Authenticator app, Userfront shows them a set of single-use backup codes that they can use in the event that they lose access to their TOTP-paired device.
Each backup code can only be used once.
TOTP Authenticator Documentation
TOTP authenticator API endpoints
- Set up TOTP authenticator
- Log in with TOTP authenticator
- Remove TOTP authenticator
- Multi-Factor Authentication (MFA)