Skip to content
EMPS intranet
Home OATH QR test
Back to top

Time-based One-time Password (TOTP) test page

Time-based One-time Password Algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time.   Wikipedia.

The basic mechanism is for the user to have a (client) device that uses the time and the shared secret key to calculate the one-time password. The user then types in this number at the login prompt as a second password in addition to their "normal" password.

The client device can either be a dedicated hardware key or a smartphone app.

Using smartphones

Free apps for the "OATH" open standard are available for both iOS and android. We suggest you install one of these apps on your smartphone:
  • Android: "FreeOTP" (from google play)
  • iOS: either "FreeOTP" or "HDE OTP Generator" (both from Apple app store)

Setting up accounts

Once you have installed the app you can set up entries for as many remote accounts as you wish, each with its own shared key. The above apps allow you to scan a QR code to save typing an 80-character hex key.

Testing the app

QR

When you start up the app you should see a "+" at the top of the screen. Pressing it should start the camera: point it at the QR code to the left.

It should install a dummy account entry called "test-account", displaying a six-digit number that changes every 30s. (To save battery it may not always show the number but pressing it should activate it.)

You can delete the test account once you have got to the stage that it is generating the six-digit TOTP.

                                                                                                                                                                                                                                                                       
Validate   Link-check © Copyright & disclaimer Share
Back to top