heylogin supports TOTP 2-factor authentication. This means that you can log in with one click using both your password and a 6-digit code. Instead of receiving the code via an authenticator app, you can directly use heylogin for a more automated login experience.
Registration
The process to register your TOTP secret in heylogin looks different for each site, we have chosen paypal.com for our example:
- Go to your profile settings by clicking on the gear icon in the upper right corner. Under Security, click on Set Up under 2-step-verification.
- Having Use an authenticator app selected, click on Set It Up.
- heylogin automatically detects the QR code. Simply click Add to login on the overlay.
- Your login mask should appear and all you need to do is click on it. Otherwise, copy the 6-digit code shown on the login mask by hitting the Copy button on the right side of the overlay and paste it into the 6-digit code field.
- Congratulations, your TOTP is now autofilled every time you log into PayPal. As mentioned above, this process is different on every website.
Login
As soon as you log in with heylogin on a website where you have activated TOTP, the TOTP is automatically filled in after the password. Depending on the website you may need to click on the overlay again to fill it in.
Alternative ways to access the TOTP code
If this does not work, there are several different ways to fill in the TOTP code, for example by copying the TOTP code from the browser extension.
Why am I getting a warning that the system time is not correct?
For TOTP codes to work, the system time must be set correctly. For this reason, heylogin displays a warning if the system time deviates from the correct time by more than 30 seconds.
If this error is displayed, the system time should be checked and set to the correct time. Modern operating systems set the time correctly automatically, so this should only be necessary in rare cases.
Why is it okay to use heylogin instead of an authenticator app?
It is important to understand that heylogin is already 2-factor secure by default. Normally, the 6-digit code is generated inside an authenticator app, such as Google Authenticator, on the phone which then needs to be entered manually into the browser. In case of heylogin, there is already an end-to-end encrypted connection between the smartphone app and the browser. Thus, based on our threat model, we can generate the TOTP code using heylogin to enter it automatically. Please consult our security whitepaper for more details.