Authenticator App

Authenticator App Authentication Authenticator app authentication generates time-based one-time passwords (TOTP) on a mobile app (e.g., Google Authenticator, Microsoft Authenticator). This is a possession-based authenticator, as the user must have the device with the authenticator app installed to generate the authentication code. To ensure security, we have implemented the following controls:

• The TOTP expires after a short time, typically 30 seconds, to reduce the risk of interception.

• The app is set up securely, with secrets stored in encrypted form.

• The user has the flexibility to choose from a variety of supported authenticator apps.