
OTP (One-Time Password)

OTP (One-Time Password) is a time-based dynamic verification method. A new 6-digit code is generated every 30 seconds to add extra security to your account.

Tip

Enabling OTP 2FA is recommended for all users, especially administrators.

Supported authenticator apps: Google Authenticator, Microsoft Authenticator, Authy, 1Password, etc.

Features

  • Time-based sync: RFC 6238 TOTP standard
  • High security: code refreshes every 30 seconds
  • Offline availability: no network required to generate codes
  • Multi-device support: can be configured on multiple devices

Enable OTP

1. Open Personal Center

After logging in, click your username and go to Personal Center.

2. Enable OTP

Find OTP Two-Factor Authentication.

3. Scan QR code

Use the authenticator app on your phone:

  1. Open the authenticator app (for example, Google Authenticator)
  2. Click Add account / +
  3. Select Scan QR code
  4. Scan the code shown on screen

4. Manually enter secret (alternative)

If QR scanning is unavailable:

  1. Choose Manual entry in the app
  2. Enter the displayed secret key
  3. Set an account name (the service name is recommended)

5. Verify setup

Enter the 6-digit code generated by the app and click Confirm.

Login Flow

After OTP is enabled:

  1. Enter username and password
  2. Open authenticator app
  3. Find the account item
  4. Enter current 6-digit code
  5. Click login

Note

  • The OTP code refreshes every 30 seconds
  • If the current code is close to expiration, wait for the next one
  • Each code can only be used once

Backup and Recovery

Recovery codes

A set of recovery codes is generated when enabling OTP. Keep them safe:

  1. Download and print recovery codes
  2. Store them in a safe place
  3. Do not keep recovery codes only on your phone

Use recovery code

If an OTP code is unavailable:

  1. Click Use recovery code on the login page
  2. Enter any unused recovery code
  3. After login, reconfigure OTP as soon as possible

FAQ

Q: Why is the verification code always invalid?

A:

  • Ensure the device time is synced correctly
  • Ensure the code has not expired
  • Use the currently displayed code
  • Do not reuse the same code multiple times
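
The checks behind these answers, as an added example (not this product's code): a minimal RFC 6238 verifier using the page's 30-second step and 6-digit length, showing how clock drift, expiry and reuse each lead to a rejected code. The `Verifier` class, its `window` drift tolerance of one step, and the secret (the RFC 6238 test key) are assumptions for illustration.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # code length, as stated on this page
# RFC 6238 test key ("12345678901234567890") in Base32; sample value only.
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, counter):
    """Return the RFC 6238 (HMAC-SHA1) code for one 30-second time step."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Hypothetical server-side check; window=1 step is an assumed tolerance."""

    def __init__(self, secret_b32, window=1):
        self.secret = secret_b32
        self.window = window
        self.last_counter = -1  # newest time step already accepted

    def verify(self, code, now=None):
        current = int(time.time() if now is None else now) // STEP
        first = max(0, current - self.window)
        for counter in range(first, current + self.window + 1):
            if hmac.compare_digest(totp(self.secret, counter), code):
                if counter <= self.last_counter:
                    return "replayed"  # each code can only be used once
                self.last_counter = counter
                return "ok"
        return "invalid"  # wrong, expired, or device clock too far off
```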

Q: What if the phone is lost or damaged?

A:

  1. Use a saved recovery code to log in
  2. Ask an administrator to reset OTP
  3. Set up OTP again

Q: Can OTP be configured on multiple devices?

A: Yes. Scan the same QR code or use the same secret key on multiple devices.

Q: How do I disable OTP?

A: Go to personal settings, find the OTP option, and click Disable.

Best Practices

  1. Back up regularly: verify recovery codes are still safely stored
  2. Use multiple devices: avoid single-device failure
  3. Keep time accurate: prevent verification failures due to time drift
  4. Store secrets securely: prevent leakage

Security recommendations

  • Do not enter OTP codes in unsafe public environments
  • Do not screenshot the QR code or secret key
  • Keep the authenticator app updated
  • If a suspicious login is detected, change your password and reset OTP immediately