Kite two factor login

Can we get OTP on email?

Yes, one can get OTP on Gmail; you can check yourself.

1 Like

No such screen for me. I have external TOTP set up so it hides the email/sms screen.

I don’t even have mobile app installed/logged in, so no idea why it is showing app code. Senseless. It should show email/SMS for me.

Also there is a 15 second artificial countdown when TOTP is disabled to discourage email/SMS OTP. It is not smooth.

If you have external TOTP enabled, the email/SMS option doesn’t come up. If you disable TOTP and only use mobile app code, and then you click problem with mobile app code, then the email/SMS option comes up :slight_smile:
Can we have some improvement and let the users who have External TOTP enabled also use Email/SMS Code :slight_smile:
@nithin @siva

1 Like

We can’t have user-specific logins; most users have apps installed, so that is the next best alternative I guess. But if you can let me know what you want to solve here, I will try addressing that specifically.

Yeah, this is intentional to have 15 sec countdown.

I really didn’t get the use case for this. The user enabled external OTP, so we can assume he uses it; if not, one can use app code. If both are not, one can trigger SMS or OTP to email.

If you don’t have access to phone, then please trigger OTP to email; this way one can log in to web without phone.

Email/sms OTP button even when totp is enabled.

WhatsApp is also great. Instant and comes on desktop. Emails easily take 20-30 seconds to deliver and open.

I don’t know if you’re being sarcastic. It’s clearly intentional since it’s coded like that. What is the point of it, other than to force app code even when user doesn’t have app?

Okay umm… Mobile app is in my phone, so is my external TOTP (say Microsoft Authenticator), and I don’t have immediate access to my phone.
Since I have TOTP enabled, when logging in on web, after I enter the password, how can I trigger email OTP if the option itself isn’t there? :slight_smile:

Intentional, because normally users try to log in at market open time. When lakhs of users trigger SMS generation at the same time, it is possible that in a few cases a few tokens can be lost, and in a few cases mobile service may be bad, etc. Considering that, we prefer users using app OTP, which covers all these kinds of cases.

In this case, user can use forget password option and trigger SMS.

Just FYI - TOTP can be generated by desktop apps too, KeePassXC being one of them.
I have heard that we can do it in code via pyotp.

You mean resetting password every time they want email/SMS OTP?

Yes, I am familiar, but it is not wise to keep TOTP and passwords in one place. Not really 2 factor authentication when both factors are stored in the same place with the same access level.

Of course, this depends on threat model, and having TOTP and passwords in the same place is definitely better than having just passwords.

1 Like

If I use forgot password:
A. I’ll HAVE to change my password
B. I’ll have to REDO Two Factor Authentication if I still want to continue using External TOTP

Why can’t we have external TOTP and SMS/EMail OTP without going through this trouble of forget password :slight_smile:

1 Like

Yes, someone said laptop/desktop. So assuming trading is done on laptop, this can be kept in desktop.

I use mobile totp and have desktop totp as backup.