UsageLast updated: 13 March 2022

Each member is assigned a unique key that is used to generate and validate the OTP codes. There are three ways in which this code can be reset:

• If the member's EE login password is changed for any reason (forced, they request etc.);
• If the member enters invalid OTP codes more than three times in a row;
• If the member opts to change the mode of OTP delivery (e.g. from email to authenticator).

In each case EE OTP will generate / revalidate a new OTP key for the member on their next login attempt.

When operating EE-OTP monitors several 'hooks' within the EE system so that it can detect when login events occur and to support its own operation. Due to the way EE works internally, this monitoring continues even when EE-OTP is disabled. The overhead introduced by this monitoring is by design miniscule, but if you are concerned about maximising the performance of your system then it makes sense to consider uninstalling EE-OTP if you do not plan to activate it: you can of course reinstall the add-on when it is needed.

EE-OTP makes use of EE's caching service to support critical parts of its operation. EE-OTP will only work correctly if your site is configured in a way that allows for the EE cache to operate. If you have a normal EE installation you will have no problems, but if you have an unusual / complex EE server setup this is something to be mindful of.