Skip to content
We'll soon remove the Password Safe feature from Intercept X for Mobile. To keep access to your passwords, we recommend that you export them from the app and then open the exported KDBX file in another password manager. Click or tap here to learn more.

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/esg/sixm-ios/help/en-us/index.html?contextId=one-time-passwords

About one-time passwords

One-time passwords (also called verification codes) are composed of a number of digits. They are calculated from these parameters:

  • A shared secret key that only your account provider and you know.
  • Configuration values that are specific to your account provider.
  • A consecutive counter.

When you use a one-time password to authenticate yourself, your account provider expects a password that is calculated from a certain counter value. Because Authenticator uses the same rules as your account provider to determine the current counter value, the provider will accept your one-time password.

Authenticator supports time-based and counter-based one-time passwords. These types differ in the way the current counter value is determined:

  • Time-based one-time passwords (TOTP, according to RFC 6238): The counter value is incremented continuously based on the current time. The next value in the series of verification codes is generated when a defined time period has elapsed.
  • Counter-based one-time passwords (HOTP, according to RFC 4226): The counter value is incremented on demand. The next value in the series of verification codes is generated when you request it.