How can I use the TOTP method for Two-Factor Authentication?
TOTP stands for Time-Based One-Time Password. This is a standardized method for generating a regularly-changing password that is based on a shared secret, ensuring that each code is unique.
TOTP provides additional security: even if a traditional password is stolen or compromised, the authentication app generates a new six-digit one-time security code (OTP) every 30 seconds, which helps protect your account from unauthorized access.
How to use TOTP
To configure Two-Factor Authentication (2FA), you should link your Namecheap account and the authentication app on your mobile device.
For the Namecheap TOTP 2FA method, you are able to use any of the TOTP-based applications, e.g., Google Authenticator, LastPass Authenticator, etc. It is also possible to connect as many different devices as you’d like to your Namecheap account and use any of them to verify your second step.
To start using the TOTP 2FA method in your Namecheap account, go to Profile >> Security >> Access >> Two-Factor Authentication page and click Enable:
Enter your Namecheap password and confirm the change by clicking Continue:
PLEASE NOTE: If you already have any of the 2FA methods enabled (SMS or OneTouch), the pop-up window with a request to confirm the authentication method change will appear:
On the next page, you will receive the set of TOTP backup codes that can help you to recover access to your Namecheap account if you lose your device/s or cannot get codes via the authentication app. You need to either print or copy the backup codes somewhere. Once you have done this, click Next:
A few things to keep in mind:
- The Backup Codes are activated only if the TOTP setup process is fully completed.
- After one of the backup codes is used for sign in, it becomes inactive.
- You can generate a new set of backup codes whenever you want. After creating a new set, the old set will automatically become inactive.
- We recommend that you store your backup codes in a safe place, e.g., in a password manager.
On the next page, scan the QR code with the authentication app on your device:
If, for some reason, you cannot scan the QR code, click "enter this text code" to see a code that you can enter manually:
In your app (e.g. Google Authenticator, in this case), enter the code received in your Namecheap account:
PLEASE NOTE: To configure authentication via TOTP on multiple devices, scan the QR code separately on each device during the setup process. If multiple devices are connected, you will get the same OTP code on all devices when logging in.
After scanning the QR code or manually entering the text code, the app will display the six-digit OTP code you need to enter in your Namecheap account to finish the setup:
Once all your devices are configured, click Next and you will be redirected back to the Two-Factor Authentication page to see that TOTP is now set up as a 2FA method for your Namecheap account:
If something happens with your device(s) or you decide to link a new device to your Namecheap account, you can still reconfigure TOTP 2FA from your security settings (Profile >> Security >> Access >> Two-Factor Authentication page) by simply regenerating the QR code:
You will need to confirm the action by entering your Namecheap account password.
PLEASE NOTE: Along with the QR code regeneration, the set of recovery backup codes will be automatically regenerated as a result.
After the QR code regeneration, your old QR code will no longer work. You will also be logged out of your Namecheap account on all devices and you will need to reconfigure them as well.
In the Backup Codes section, you can check the available and used backup codes by clicking the Show Backup Codes button. You will need to confirm this action by entering your password associated with your Namecheap account:
If you somehow misplaced your backup codes, whether they were lost, stolen or ran out, you can retrieve them on your settings page: Profile >> Security >> Access >> Two-Factor Authentication. In the Backup Codes section, click on the drop-down and choose Regenerate Backup Codes:
When the following window appears, please confirm your action by clicking Regenerate:
After your Namecheap password is confirmed, you will receive a new set of backup codes that will invalidate the previous ones. Make sure to save your new backup codes in a safe place or print them out.
Log in with TOTP
On the login page, enter your Namecheap username and password (your normal identity source login credentials).
After your username and password are verified, you will be prompted to enter the six-digit OTP code from your app to authorize the login:
You should enter the newly-generated code as soon as possible after it appears in the app:
Each OTP code is intended for use by only one user; it is valid for 30 seconds and becomes invalid after successfully logging in.
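How the app and the server derive the same six-digit code from the shared secret, and why a code stops working once its 30 seconds pass or it has been used, shown as an added Python example that is not Namecheap's code. It assumes the RFC 6238 defaults (HMAC-SHA1 over a Base32 text code); the secret is the RFC's public test key, and the Verifier class and drift_steps parameter are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code, as stated on this page
DIGITS = 6   # code length, as stated on this page

def decode_secret(text_code):
    """Turn the manually entered text code (assumed Base32) into key bytes."""
    cleaned = text_code.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore stripped padding
    return base64.b32decode(cleaned)

def hotp(key, counter, digits=DIGITS):
    """RFC 4226: HMAC the counter, then dynamically truncate to N digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key, unix_time):
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(key, int(unix_time) // STEP)

class Verifier:
    """Hypothetical server-side check: time-limited and single-use."""

    def __init__(self, key, drift_steps=0):
        self.key = key
        self.drift_steps = drift_steps  # extra steps tolerated for clock skew
        self.last_counter = -1          # highest time step already accepted

    def verify(self, code, unix_time):
        now = int(unix_time) // STEP
        for counter in range(now - self.drift_steps, now + self.drift_steps + 1):
            if counter <= self.last_counter:
                continue  # this step was already used: reject replays
            expected = hotp(self.key, counter).encode()
            if hmac.compare_digest(expected, str(code).encode()):
                self.last_counter = counter
                return True
        return False

if __name__ == "__main__":
    key = decode_secret("GEZD GNBV GY3T QOJQ GEZD GNBV GY3T QOJQ")  # RFC test key
    server = Verifier(key)
    code = totp(key, 59)  # any device holding the same secret computes this
    print(code, server.verify(code, 59), server.verify(code, 59))
```

Every device that scanned the same QR code holds the same key, which is why all of them show the same OTP; the second verify call fails because that time step has already been accepted.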
If, for some reason, you do not have access to the app on your device or the OTP codes you’ve entered do not work, you can click "Want to use a Backup Code?" to log in using one of your backup codes:
PLEASE NOTE: Your Namecheap account might become locked after a number of incorrect login attempts.
The previously used backup codes will then be grayed out in your Namecheap account when checking the Show Backup Codes section.