TOTP (Time-Based One-Time Password)

Estimated reading: 2 minutes 213 views

The TOTP (Time-Based One-Time Password) feature in Visual Guard provides a secure, time-sensitive authentication method that generates unique passwords which are valid only for a short period. This method leverages Microsoft Authenticator to enhance security for user logins and sensitive transactions.

Minimum Version: VG 2024.1


Key Aspects:

  1. TOTP Generation:
    • Visual Guard generates TOTPs based on a shared secret and the current time.
    • The TOTP changes at regular intervals (typically every 30 seconds), ensuring that each password is only valid for a brief window.
  2. Authenticator Apps:
    • Users can use popular authenticator apps like Google Authenticator and Microsoft Authenticator to generate TOTPs.
    • These apps do not require internet connectivity to generate TOTPs, as they use the device’s internal clock.
  3. User Enrollment:
    • During the enrollment process, users scan a QR code provided by Visual Guard with their authenticator app.
    • The app stores the shared secret and starts generating TOTPs that can be used for authentication.
  4. Integration with Existing Systems:
    • Visual Guard’s TOTP feature integrates seamlessly into existing authentication workflows, providing an additional layer of security without disrupting user experience.
    • It supports various applications and systems, ensuring broad compatibility and ease of use.
  5. Security Enhancements:
    • TOTPs significantly reduce the risk of unauthorized access by ensuring that passwords are valid only for a short period.
    • This method is particularly effective against phishing attacks, replay attacks, and other forms of credential theft.
  6. Compliance and Auditing:
    • Using TOTPs can help organizations meet regulatory requirements for multi-factor authentication (MFA).

Benefits of TOTP in Visual Guard:

  • Enhanced Security: Provides a robust authentication mechanism that is resistant to common attacks like phishing and keylogging.
  • User Convenience: Easily integrates with widely-used authenticator apps, offering a familiar and convenient method for users.
  • Regulatory Compliance: Assists organizations in meeting industry standards and regulations requiring strong authentication methods.
  • Seamless Integration: Integrates smoothly into existing authentication processes, enhancing security without complicating the user experience.