Mobile Authenticator

This authentication method works on the principle of a Time-based One-Time Password (TOTP), which is the most widely used 2FA method.

As the name suggests, a TOTP is an OTP that depends on time: its moving factor is the current time rather than a counter. Each passcode (OTP) is valid for a fixed period of time called a timestep; timesteps are typically 30 or 60 seconds long. If the user does not use the password within that window, it is no longer valid and the user must obtain a new one to gain access to the application.

During registration, each user is shown a unique QR code that encodes a randomly generated secret key. The user scans this QR code with any mobile authenticator app, such as Google Authenticator, Microsoft Authenticator, Authy or Duo. From the current time and the shared secret key, the authenticator app and the add-on each compute an OTP/passcode that is valid for only a short time. The user is logged in only if the passcode submitted during validation is correct; if the user tries to log in after the OTP has expired, an invalid OTP error message is shown.

Please note that the OTP is derived from the current time and is computed independently by the mobile app and the 2FA add-on, so the clocks of the Atlassian application server and the mobile device must be in sync, i.e. both set to automatic/network time. Otherwise the OTP/passcode will not match during validation.
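The following is an added, self-contained example (not the add-on's own code) that shows how a TOTP is derived from the shared secret and the current time, what the enrolment QR code encodes, and why a clock that is out of sync makes validation fail. It follows RFC 4226 (HOTP) and RFC 6238 (TOTP) with a 30-second timestep and SHA-1, which is what the mobile authenticator apps named above use by default. The function names, the issuer/account labels and the `skew_steps` tolerance are assumptions of this example; the 20-byte secret `12345678901234567890` is the reference test secret from RFC 6238 Appendix B, not a secret anyone should deploy.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import quote

# RFC 6238 Appendix B reference secret (constructed test value, never use in production).
REFERENCE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, timestep: int = 30, digits: int = 6) -> str:
    """RFC 6238: the moving factor is the number of whole timesteps since the Unix epoch."""
    return hotp(secret, unix_time // timestep, digits)


def verify_totp(secret: bytes, submitted: str, unix_time: int, timestep: int = 30,
                digits: int = 6, skew_steps: int = 1) -> bool:
    """Server-side check. Accepts the code for the current step and up to `skew_steps`
    neighbouring steps so small clock drift is tolerated; anything further apart fails,
    which is the 'invalid OTP' the text describes. Uses a constant-time comparison."""
    current = unix_time // timestep
    for step in range(current - skew_steps, current + skew_steps + 1):
        if hmac.compare_digest(hotp(secret, step, digits), submitted):
            return True
    return False


def otpauth_uri(secret: bytes, issuer: str, account: str,
                timestep: int = 30, digits: int = 6) -> str:
    """The otpauth:// key URI that the enrolment QR code encodes; the authenticator app
    stores the base32 secret and the parameters from it. Issuer/account are example labels."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{quote(issuer)}:{quote(account)}"
            f"?secret={b32}&issuer={quote(issuer)}&algorithm=SHA1"
            f"&digits={digits}&period={timestep}")


if __name__ == "__main__":
    now = int(time.time())
    print("QR content:", otpauth_uri(REFERENCE_SECRET, "Example Jira", "alice@example.com"))
    print("code right now:", totp(REFERENCE_SECRET, now))
    # A phone whose clock is 20 s off still lands in an adjacent step and is accepted;
    # one that is several minutes off produces a code the server rejects.
    print("20 s drift accepted:", verify_totp(REFERENCE_SECRET, totp(REFERENCE_SECRET, now - 20), now))
    print("5 min drift accepted:", verify_totp(REFERENCE_SECRET, totp(REFERENCE_SECRET, now - 300), now))
```

The `skew_steps` window is the usual trade-off: one step either side absorbs a few seconds of drift and the delay of typing the code, while a wider window lengthens the lifetime of each passcode. Because the server and the phone derive the code independently from the same secret and time, a device clock that drifts beyond that window produces a code the add-on will never accept, which is why both sides should use network time.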

Please refer to this user guide to see how to configure Mobile Authenticator - Add the link to user guide