Mobile Authenticator

The Mobile Authenticator method is based on Time-based One-Time Passwords (TOTP). It is the most widely used 2FA method.

1. How TOTP Works

Time-based One-Time Passwords (TOTP) generate passcodes that are based on the current time rather than a sequential counter.

Here’s how it works:

  • Time Dependency: Unlike other OTP methods that rely on a counter that increases with each login attempt, TOTP uses the current time to generate passcodes. This time-based approach ensures that each passcode is valid only for a short period.

  • Validity Period: Each TOTP passcode is valid for a specific time window, called a timestep, which is typically set to 30 or 60 seconds. During this time, the passcode can be used to authenticate the user. After the timestep expires, the passcode becomes invalid, and a new passcode must be generated.

  • Passcode Generation: When a user requests an OTP, the authenticator app and the 2FA add-on use the current time and a secret key to generate the passcode. Since both the app and the add-on use the same secret key and time-based algorithm, they produce matching passcodes as long as their clocks are synchronized.

  • Usage Window: To access the application, users must enter the passcode within the validity period. If they enter the passcode after the timestep has expired, they will receive an invalid OTP error message and need to generate a new one.

2. Registration Process

  • Unique QR Code: During registration, each user receives a unique QR code representing a randomly generated secret key.

  • Scanning the QR Code: Users scan this QR code using any mobile authenticator app, such as Google Authenticator, Microsoft Authenticator, Authy, Duo, etc.

  • Generating OTPs: Based on the current time and the secret key, the authenticator app and the add-on generate an OTP/passcode valid for a short duration.

3. Important Considerations

Time Synchronization

  • The OTP is generated independently by the mobile app and by the 2FA add-on, both from the current time. It is therefore crucial that the clocks of the Atlassian application and the mobile device are synchronized (i.e., set to automatic/network time). If the clocks are out of sync, the OTP/passcode generated by the app will not match the one computed by the add-on during validation.

  • For detailed instructions on configuring the Mobile Authenticator, please refer to our 2FA setup guide.
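The passcode generation described in section 1 and the clock-drift failure mode from the time-synchronization note above, carried through in code. This is an added illustration written against RFC 4226/6238, not code from the 2FA add-on; the demo secret is the RFC reference key and the `verify_totp` skew window of one timestep is an assumed, commonly used validator setting.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed demo secret: the RFC 6238 reference key, not a real enrolment secret.
DEMO_SECRET = b"12345678901234567890"
TIMESTEP = 30  # seconds per timestep (the 30-second option mentioned above)
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, timestep: int = TIMESTEP) -> str:
    """RFC 6238 TOTP: the HOTP counter is the number of whole timesteps since the Unix epoch."""
    return hotp(secret, unix_time // timestep)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                timestep: int = TIMESTEP, skew_steps: int = 1) -> bool:
    """Validator side: accept the current timestep and +/- skew_steps neighbours so a
    few seconds of clock drift do not fail the login; larger drift is still rejected.
    compare_digest keeps the string comparison constant-time."""
    current = unix_time // timestep
    return any(
        hmac.compare_digest(hotp(secret, current + d), submitted)
        for d in range(-skew_steps, skew_steps + 1)
    )


def secret_to_base32(secret: bytes) -> str:
    """Authenticator apps expect the shared secret Base32-encoded; this is what the QR code carries."""
    return base64.b32encode(secret).decode("ascii")


if __name__ == "__main__":
    now = int(time.time())
    print("Base32 secret for the QR code:", secret_to_base32(DEMO_SECRET))
    print("Current passcode:", totp(DEMO_SECRET, now))
    stale = totp(DEMO_SECRET, now - 2 * TIMESTEP)  # two timesteps old: outside the window
    print("Stale passcode accepted?", verify_totp(DEMO_SECRET, stale, now))
```

Run against the RFC test vectors, the key yields 755224 for counter 0 and 287082 at Unix time 59; shifting the validator's clock by one timestep still accepts that code, shifting it by two rejects it, which is exactly the mismatch the synchronization note warns about.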