One Time Password

Authelia supports Time-based One-Time Passwords generated by apps like Google Authenticator.

{{< figure src="2FA-TOTP.png" caption="An example of the Time-based One-Time Password authentication view" alt="Second Factor OTP Authentication View" sizes="50dvh" >}}

After successfully completing the first factor, select the One-Time Password method option and click the Register device link. This sends you an e-mail asking you to confirm your identity.

NOTE: If you're testing Authelia, this e-mail has likely been sent to the mailbox available at https://mail.example.com:8080/

Once this validation step is completed, a QR Code gets displayed.

{{< figure src="REGISTER-TOTP.png" caption="An example of the Time-based One-Time Password registration view" alt="Second Factor OTP Registration View" sizes="50dvh" >}}

You can then use Google Authenticator or an authenticator of your choice to scan the code in order to register your device.

{{< figure src="google-authenticator.png" caption="The Google Authenticator application" alt="Second Factor OTP Registration View" width=150 >}}

From now on, you get tokens generated every 30 seconds that you can use to validate the second factor in Authelia.

Limitations

Users can currently enroll only a single TOTP device in Authelia. This is standard practice, as a user can obviously register a second device with the same QR Code. As there is no tangible benefit and it is harder to keep track of multiple devices, it's not a feature we will implement.