Brief about TOTPs

Time-based one-time password (TOTP) is a computer algorithm that generates a one-time password (OTP) that uses the current time as a source of uniqueness. As an extension of the HMAC-based one-time password algorithm (HOTP), it has been adopted as Internet Engineering Task Force (IETF) standard RFC 6238.

TOTP is the cornerstone of Initiative for Open Authentication (OATH), and is used in a number of two-factor authentication (2FA) systems.

You can read more about TOTPs here.

Setup

  1. Login to your dashboard.
  2. Navigate to your account security settings from the left pane/sidebar.
  3. In the card called “Multi-Factor Authentication” click “Generate QR.”
  4. Scan the QR in your TOTP app. Like Google Authenticator or Authy.
  5. Enter your TOTP from the app after scanning the QR.
  6. Submit the form.

After enabling MFA, every client which authenticates with your envsecrets account will need the OTP from your MFA app. Including our CLI.