Ukraine flag

We stand with our friends and colleagues in Ukraine. To support Ukraine in their time of need visit this page

One-time passwords in messaging apps: a modern approach to 2FA

One-time password delivery in messaging apps is easy, secure and free. The service is already available on Telegram, Viber and Facebook Messenger. It’s time to say no to outdated and insecure SMS authentication. Connect to the Protectimus chatbot in your messaging app to receive one-time passwords and important notifications without the risk of having messages intercepted.

It’s the most convenient method for receiving one-time passwords. There’s no more need to pay SMS providers, buy hardware OTP tokens, or ask your users to install extra OTP generator apps. Users need only add the ProtectimusBot chatbot to their usual messaging app. And after a quick, 15-second setup process, they will receive one-time passwords and other important messages.


Authentication through chatbots on Telegram, Facebook Messenger, Viber and other messaging apps is completely free. It’s just as easy as SMS, but it lets you avoid unnecessary costs. What’s more, it’s possible to combine one-time password delivery with delivery of important messages, such as information about deposits and withdrawals, allowing you to completely put an end to your SMS expenses.


Using messaging apps to deliver one-time passwords is secure. Messaging apps use reliable message encryption algorithms, and access to these apps is additionally protected by a password. On top of that, this OTP delivery method allows the use of HOTP and TOTP password generation algorithms, and supports CWYS (Confirm What You see) data-signing function, which protects data even in the event that a OTP password is intercepted by a hacker.

Easy setup

Setting up two-factor authentication using chatbots on Viber, Telegram, Facebook Messenger and other messaging apps requires minimal effort. The user just needs to find the ProtectimusBot chatbot in their usual messaging app and send it the /getid command. He or she will receive a chat ID to send to Protectimus. Having received the chat ID, Protectimus will connect the new user in just a few moments.


  • One-time password delivery via messaging apps
  • Delivery of any messages and notifications to users
  • Supported messaging apps: Telegram, Facebook Messenger, Viber
  • Support for HOTP, TOTP algorithms
  • Support for CWYS functionality

  • Easy to use
  • Maximal user base coverage
  • Doesn’t require additional expenses
  • Option to use your own bot (for clients who want full control over the authentication process)

See also

ImageToken ModelPrice, pcs
Brief DescriptionDescription
PROTECTIMUS TWOPROTECTIMUS TWO$11.99$11.49$10.99$9.99$8.99

$3 when paying service in advance for a year
Bulletproof OTP token: reliable, waterproof, stylishBulletproof TOTP token: reliable, waterproof, stylish

$3 when paying service in advance for a year
PROTECTIMUS FLEXPROTECTIMUS FLEX$19.99$18.99$16.99$15.99$13.99The reprogrammable and stylish hardware TOTP tokenThe reprogrammable hardware TOTP token
PROTECTIMUS SHARKPROTECTIMUS SHARK$14.99$14.49$13.99$12.99$11.99This hardware token offers exceptional security features by supporting TOTP (RFC 6238) and SHA-256 algorithmWe recommend using this token
PROTECTIMUS SLIM MINIPROTECTIMUS SLIM MINI$29.99$28.99$26.99$24.99$21.99Reprogrammable NFC token, that fits any two-factor authentication systemReprogrammable NFC token
PROTECTIMUS SMARTPROTECTIMUS SMARTfreeAvailable for all key Android and iPhone platformsSoftware token for Android and iPhones
PROTECTIMUS SMARTPROTECTIMUS PUSHfreePush via Android and iPhone applicationsСonvenient and reliable
PROTECTIMUS BOTPROTECTIMUS BOTfreeOTP delivery via messenger — easy, secure, convenient. The service is available on Telegram, Viber and Facebook Messenger.The service is available on Telegram, Viber and Facebook Messenger
PROTECTIMUS SMSPROTECTIMUS SMS$2 per user/monthMinimum hassleMinimum hassle

knowledge base

The Protectimus Bot is a brand-new approach to 2-factor authentication involving the use of chatbots on popular messaging platforms to deliver one-time passwords. Chatbots ProtectimusBot are available on Facebook Messenger, Telegram and Viber. The list of supported messaging applications is constantly growing, and can be expanded at the request of our clients. OTP delivery through messaging apps solves a number of key problems: it’s much more secure than SMS authentication, completely free and easy to use for clients and their users.

SMS authentication has always been the most popular means of multifactor authentication because sending one-time passwords and other notifications through SMS is very convenient — you only need to know the user’s telephone number. However, this OTP delivery method has a number of downsides: it’s expensive, offers a low level of security, and requires users to be within range of a mobile phone network. Using messaging apps makes delivering one-time passwords no less convenient, but it’s more secure — and best of all, it’s free!

2FA using messaging apps is cost effective: you don’t need to pay for expensive SMS messages; you can send OTP passwords and other notifications for free using these services. It’s easy to use: you don’t need to distribute hardware tokens to users or have them install authentication apps. In fact, one of the supported messaging apps is probably already installed on your users’ phones. It’s secure: access to messaging apps is protected by a password, and often by multifactor authentication as well. All messages are reliably encrypted. Internet access is required to use messaging apps.

One-time passwords delivered through Viber, Telegram, Messenger, etc. can be generated using HOTP (HMAC-based One-time Password Algorithm, RFC 4226) or TOTP (Time-based One-time Password Algorithm, RFC 6238) algorithm. CWYS (Confirm What You See) data-signing functionality is also supported. Based on OCRA (OATH Challenge-Response Algorithm, RFC 6287), it allows using transaction or session data to generate one-time passwords. TOTP, a time-based algorithm, is the optimal choice. Using CWYS functionality guarantees an even greater level of security.

To activate two-factor authentication using the Protectimus chatbot on Telegram, Facebook Messenger, Viber or another messaging app, users need to search for the @ProtectimusBot account in their messenger and start a chat with the bot using the /getid command. In response to the /getid command, the user will receive a unique chat ID, which they provide to their administrator to issue a token. As an administrator, issuing a token is even simpler: input the chat ID into the admin panel and a token will be assigned to the user.

What is the Protectimus Bot?

Why use messaging apps for OTP delivery?

2FA using messaging apps: pros and cons

Which OTP generation algorithms are supported?

How can I connect to Protectimus Bot?