Provides offline authentication capability through Time-based One-Time Passwords (TOTP) generated by the REL-ID mobile application, following the OATH TOTP standard. This factor works without internet connectivity.
| Standard | Specification | Details |
|---|
| OATH TOTP | RFC 6238 compliant | Industry standard time-based algorithm |
| Time Window | 30-second intervals | New code generated every 30 seconds |
| Code Length | 6 digits | Numeric code for easy entry |
| Algorithm | SHA-1 based | Standard cryptographic hash function |
| Synchronization | Time-based | Relies on accurate device clock |
| Requirement | Status | Description |
|---|
| REL-ID Mobile App | ✅ Required | App must be installed and properly activated |
| Device Clock | ⚠️ Critical | Accurate time synchronization essential |
| TOTP Seed | ✅ Required | Secret key established during REL-ID enrollment |
| App Access | ✅ Required | User must be able to open and use mobile app |
- Code Generation: Mobile app automatically generates current 6-digit TOTP code
- Code Display: Current code shown prominently in mobile app interface
- Code Entry: User manually enters 6-digit code on web authentication portal
- Server Validation: Web portal validates code against expected value for current time window
- Time Window Check: Code must be used within current 30-second window
- Single Use Validation: Each code can only be used once successfully
- Authentication Result: Valid code allows authentication to proceed
| Feature | Support Level | Description |
|---|
| No Internet Required | ✅ Full Support | Works completely offline on mobile device |
| Battery Independent | ✅ Full Support | Functions with minimal device power |
| Network Independent | ✅ Full Support | No cellular or WiFi connection needed |
| Time Dependency | ⚠️ Critical Requirement | Requires accurate device clock synchronization |
- Valid Code: User enters correct 6-digit code within time window
- Proper Timing: Code used within current 30-second interval
- First Use: Code hasn't been previously used for authentication
- Clock Synchronized: Device time matches server time within acceptable range
| Error Type | Cause | User Experience | Resolution |
|---|
| Invalid Code | Wrong digits entered | "Invalid code" error message | User can retry with same or new code |
| Expired Code | Code from previous time window | "Code expired" error | User must wait for new code generation |
| Already Used | Code previously used successfully | "Code already used" error | User must wait for next code |
| Clock Drift | Device time out of sync | Persistent validation failures | Device time synchronization needed |
| Rate Limiting | Too many failed attempts | Temporary account lockout | Wait for cooling period to end |
- Code Not Working: Wait for next 30-second interval and try new code
- Persistent Failures: Check device date/time settings and sync with network
- Clock Issues: Enable automatic time synchronization on mobile device
- App Problems: Restart mobile app or check for app updates
- Backup Option: Use REL-IDverify Push Notification if data connection available
