🔒 TOTP Verification

TOTP — Time-Based One-Time Password

TOTP is the fallback verification method in HumanAttest. It generates a fresh 6-digit code every 30 seconds using a secret stored only on your device — compatible with Google Authenticator, Authy, and any RFC 6238 app.

How TOTP Works

During registration, HumanAttest generates a shared secret and displays it as a QR code. You scan it once with your authenticator app. From that point, both your app and our server independently compute the same 6-digit code every 30 seconds using HMAC-SHA1 and the current Unix timestamp.

When you send an email, you enter the current code from your app. Our server verifies it matches the expected value (with a ±1 window for clock drift). The code is single-use — it cannot be replayed.
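The computation and check described above, written out as an added example (not HumanAttest's code). The names hotp, totp and Verifier, and the last-accepted-step replay state, are assumptions; the secret is the published RFC 6238 test key.

```python
# Added example. Parameters follow the page: HMAC-SHA1, 30-second step,
# 6 digits, +/-1 step window for clock drift, each code usable once.
import hashlib
import hmac
import struct

STEP = 30      # seconds per time step
DIGITS = 6
WINDOW = 1     # accept steps now-1 .. now+1


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP keyed on the number of elapsed 30 s steps."""
    return hotp(secret, unix_time // STEP)


class Verifier:
    """Checks a submitted code and never accepts the same time step twice."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._last_step = -1   # highest step already accepted (assumed state)

    def verify(self, code: str, unix_time: int) -> bool:
        now = unix_time // STEP
        matched = None
        for step in range(now - WINDOW, now + WINDOW + 1):
            expected = hotp(self._secret, step).encode()
            # Constant-time compare; keep looping so timing does not vary.
            if hmac.compare_digest(expected, code.encode()):
                matched = step
        if matched is None or matched <= self._last_step:
            return False       # wrong code, or replay of a used/older step
        self._last_step = matched
        return True


# RFC 6238 Appendix B test secret (public test data, not a real key).
RFC_SECRET = b"12345678901234567890"
```

Rejecting any step at or below the last accepted one blocks a replay inside the ±1 window, where the same code would otherwise stay valid for up to 90 seconds.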

Setup in 3 Steps

1. Register on the portal

Create your HumanAttest account with your full name. A QR code is generated for your TOTP secret.

2. Scan with authenticator

Open Google Authenticator, Authy, or any TOTP app and scan the QR code. A 6-digit rotating code appears.

3. Verify on first send

Click Send in Gmail. Enter the 6-digit code when prompted. Done — you are verified.

Compatible Apps

App | Platforms | Price
Google Authenticator | iOS & Android | Free
Authy | iOS, Android, Desktop | Free
Microsoft Authenticator | iOS & Android | Free
1Password | All platforms | Paid
Bitwarden | All platforms | Free
Any RFC 6238 app | Universal standard | Free

🔒 Privacy Note

Your TOTP secret is stored only on your device. HumanAttest stores only the verification result (pass/fail) and timestamp — never the secret itself, never your Gmail address, and never any email content.