One-Time Passcodes (OTP)
This toggle will turn on the ability for you to require OTP on all or some users. Once enabled, the following options are also active.
OTP Expiration (Minutes)
Default 2 minutes. This setting determines, from the time they submit their username and password, how long the user will have to enter the OTP code sent to them by Email or SMS text message. 2 to 5 minutes is more than adequate for the user to interact with their email software or mobile phone and enter the OTP code that was generated.
There are three methods available for OTP. Which ever methods you wish to allow must be toggled on here. Each user can then be required to use OTP and can have one of the allowed methods chosen by the administrator on that user's Authentication tab.
Hint: The most secure method is OTP via Apps such as Google Authenticator, Microsoft Authenticator, Authy, etc.
Allow OTP via Email
Toggle this ON if you intend for one or more users to receive their OTP code via Email. The individual user must have a valid email address on their User - Edit screen.
Allow OTP via SMS
Toggle this ON if you intend for one or more users to receive their OTP code via SMS text message.The individual user must have a cellular carrier and phone number entered on their Authentication tab.
Allow OTP via App
Toggle this ON if you intend for one or more users to receive their OTP code via a Time-based One-Time Password (TOTP) application. Well known apps for TOTP are:
- For Android, iOS, and Blackberry: Google Authenticator
- For Android and iOS: Duo Mobile
- For Windows Phone: Authenticator (recommended)