> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Time-based one-time passcodes (TOTPs) overview

> Understand how TOTP works and when to use it as a second factor.

Time-based one-time passcodes (TOTP) add a second factor by requiring users to enter a short-lived code from an authenticator app. This is ideal for high-risk actions like money movement or account changes where you want stronger assurance than SMS alone.

## How TOTP works

1. Your app enrolls the user and displays a QR code.
2. The user scans it with an authenticator app (like Google Authenticator or Authy).
3. The app generates a time-based code every \~30 seconds, which your backend verifies.

## Next steps

<CardGroup cols={2}>
  <Card title="API integration" icon="code" href="/consumer-auth/authentication/totps/api">
    Create, enroll, and authenticate TOTPs from your backend.
  </Card>
</CardGroup>