Skip navigation

HOTP / Mobile Passcodes

For all application integrations, Duo uses HOTP, or HMAC-based one-time password (OTP) to generate passcodes for authentication.

Duo Mobile allows users to generate event-based passcodes that are valid until they have been used. Duo also supports the use of most HOTP-compatible hardware tokens for two-factor authentication.


Some websites and online services let you protect your account with a mobile-generated passcode. Duo Mobile can generate these time-based one-time passcodes (TOTP) for all third-party sites, letting you keep all of your accounts in one app.

TOTP-based two-factor authentication involves generating a temporary, unique passcode that only works for a certain amount of time, typically 30-60 seconds. After generating the passcode, a user must type it in manually to authenticate for access.

See how Duo Mobile can support third-party accounts.

The use of TOTP and HOTP is one of many two-factor authentication methods that Duo supports to provide secure access for all of your different users.

See how you can login anywhere and anytime.