Help Search

Edit on github

How to create a TOTP

Since version 4.3.0, Passbolt supports creation of TOTP (Time-based One Time Password).

TOTP is a mechanism that generates a unique and temporary password based on the current time. This dynamic code can be used on its own or in combination with a static password, offering an additional layer of security compared to traditional password-only systems.

iOS

On the iOS application, there is a new section called “TOTP”

iOS - Empty TOTP fig. iOS - Empty TOTP

In order to create a new TOTP, you’d need to click on “Create”

iOS - TOTP Creation fig. iOS - TOTP Creation

That will open a menu that will let you choose between scanning a QR code or create a TOTP manually, for this tutorial we assume that you’d need to create it manually.

For the TOTP manual creation, you will have to fill three fields:

  1. Name, which is the label of the resource
  2. URL, which is the fullBaseUrl of the resource
  3. Secret, the secret from the TOTP provider
iOS - TOTP Configuration fig. iOS - TOTP Configuration

You do have the possibility to link this TOTP to an existing password but that’s optional. You can also create a standalone TOTP instead.

iOS - Link TOTP to an existing password fig. iOS - Link TOTP to an existing password

There is also an advanced settings part in order to adjust the expiry, length and algorithm

WARNING: Advanced settings have to match the TOTP provider settings otherwise it won’t work.

iOS - TOTP Advanced Settings fig. iOS - TOTP Advanced Settings

Once created, you will see a success message “TOTP has been created.” then you will be able to preview the TOTP code when you need it.

iOS - TOTP Preview fig. iOS - TOTP Preview

Android

On the Android application, there will be a new section called “TOTP”

Android - Empty TOTP fig. Android - Empty TOTP

In order to create a new TOTP, you’d need to click on “+” icon

Android - TOTP Creation fig. Android - TOTP Creation

That will open a menu that will let you choose between scanning a QR code or create a TOTP manually, for this tutorial we assume that you’d need to create it manually.

For the TOTP manual creation, you will have to fill three fields:

  1. Name, which is the label of the resource
  2. URL, which is the fullBaseUrl of the resource
  3. Secret, the secret from the TOTP provider
Android - TOTP Configuration fig. Android - TOTP Configuration

You do have the possibility to link this TOTP to an existing password but that’s optional. You can also create a standalone TOTP instead.

Android - Link TOTP to an existing password fig. Android - Link TOTP to an existing password

There is also an advanced settings part in order to adjust the expiry, length and algorithm

WARNING: Advanced settings have to match the TOTP provider settings otherwise it won’t work.

Android - TOTP Advanced Settings fig. Android - TOTP Advanced Settings

Once created, you will see a success message then you will be able to preview the TOTP code when you need it.

Android - TOTP Preview fig. Android - TOTP Preview

Last updated

This article was last updated on October 4th, 2023.

Not finding what you are looking for? You can also ask the community on the forum.

Talk to a human