How TOTP works
- Your app enrolls the user and displays a QR code.
- The user scans it with an authenticator app (like Google Authenticator or Authy).
- The app generates a time-based code every ~30 seconds, which your backend verifies.
Time-based one-time passcodes (TOTPs)
Time-based one-time passcodes (TOTPs) overview
Understand how TOTP works and when to use it as a second factor.
Time-based one-time passcodes (TOTP) add a second factor by requiring users to enter a short-lived code from an authenticator app. This is ideal for high-risk actions like money movement or account changes where you want stronger assurance than SMS alone.