
TOTP

TOTP (Time-Based One-Time Password) is a strong second factor for protecting your Strapi admin panel. With TOTP enabled, a login requires both the admin password and a short-lived code derived from a secret that is stored only in the authenticator app on your phone and on the HeadLockr server. Below, we guide you through the steps to set up TOTP authentication within HeadLockr.


Why TOTP is an Excellent MFA Method

TOTP adds a strong layer of security by generating short-lived, one-time codes from a shared secret and the current time (RFC 6238); each code is valid for a single 30-second step. Even if your password is compromised, an attacker cannot produce a valid code without that secret, which lives in the authenticator app on your phone. Unlike SMS-based codes, TOTP does not depend on cellular networks, which are susceptible to interception and SIM-swapping attacks. Two caveats still apply: the code depends on your phone's clock being roughly correct, and a phishing page that relays the code in real time can still use it, so always check that you are entering the code on your own Strapi admin URL.


Setup TOTP

Follow these steps to configure TOTP authentication:

  1. Navigate to the TOTP section in the HeadLockr UI.
  2. Verify your identity by entering your Strapi admin password.
  3. Depending on the MFA methods already active on your account, you may also be asked to complete an MFA challenge.
  4. Install an authenticator app, such as Authy, Google Authenticator, or any compatible TOTP app, on your phone. Make sure the phone's clock is set automatically, since TOTP codes are computed from the current time.
  5. Use the authenticator app to scan the QR code displayed on the left side of the screen within HeadLockr.
  6. Enter the 6-digit code currently shown by the authenticator app into the field provided in the UI. If the code is rejected, wait for the next one to appear and try again.

Congratulations! 🎉 Your TOTP method is now fully set up and operational.