
# Storing OTPs

CFA permanently stores the OTPs you provide alongside the request. There is no real **technical** reason for this; we could easily wipe them after the request has been obtained, and at some point we might. While CFA is still in preview, we keep them around for debugging purposes. To explain why this doesn't make your OTP secret less secure, I'd like to refer you to the original [OTP RFC](https://tools.ietf.org/html/rfc4226#section-6).

> Assuming an adversary is able to observe numerous protocol exchanges and collect sequences of successful authentication values. This adversary, trying to build a function F to generate HOTP values based on his observations, will not have a significant advantage over a random guess.

Basically, you can have as many examples of OTPs for a given secret as you want and it won't make it any easier for an attacker to guess a valid OTP.
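
To show what a stored OTP actually is, here is an added example (not CFA's code) that implements HOTP as specified in RFC 4226 and checks it against the RFC's Appendix D test vectors. It goes one step beyond the quoted section by including TOTP (RFC 6238), which is the same computation with a time-based counter. The function names and the `observed_codes` helper are illustrative, and the secret is the RFC's public test secret.

```python
import hashlib
import hmac
import struct

# RFC 4226 Appendix D test secret and its HOTP values for counters 0..9.
RFC_SECRET = b"12345678901234567890"
RFC_CODES = ["755224", "287082", "359152", "969429", "338314",
             "254676", "287922", "162583", "399871", "520489"]


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226 section 5.3."""
    # Step 1: 20-byte HMAC-SHA-1 over the 8-byte big-endian counter.
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Step 2: dynamic truncation. The low nibble of the last byte selects a
    # 4-byte window; the top bit is masked off, leaving 31 bits.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # Step 3: keep only the displayed decimal digits (zero-padded).
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP per RFC 6238: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits)


def observed_codes(secret: bytes, count: int) -> list:
    """Hypothetical log of past OTPs: only the truncated digits are kept."""
    return [hotp(secret, c) for c in range(count)]


if __name__ == "__main__":
    log = observed_codes(RFC_SECRET, len(RFC_CODES))
    assert log == RFC_CODES, "implementation disagrees with RFC 4226 vectors"
    for counter, code in enumerate(log):
        # Each logged entry is 6 digits derived from a 160-bit keyed MAC;
        # the secret itself never appears in the log.
        print(f"counter={counter} stored_otp={code}")
```

Each stored value is a 6-digit reduction of a keyed HMAC-SHA-1 output, which is why a collection of past codes is the situation the RFC's security analysis above already covers.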


