Technical Specification

Author: Mukesh

Team: OpenLogo

Created on: 9 Jan 2026

Last updated: 20 Jan 2026

Related ticket: OPENLOGO-MFA

1. Introduction

1.1 Overview

This document describes the design of a Time-based One-Time Password (TOTP) Multi-Factor Authentication (MFA) system for OpenLogo.

1.2 Problem Statement

OpenLogo currently relies on single-factor authentication (username and password). This presents a security risk because:

• Passwords can be leaked, reused, or phished
• A compromised password grants full account access
• There is no defense-in-depth against credential theft

1.3 Goals

Product Goals