A one-time token is a six-digit token that can be sent to your registered email address or registered text-enabled device in the event that your RDS MFA device is lost, damaged, or not working, and you are unable to reset your MFA configuration and need immediate access to the RDS Secure Website. One-time tokens expire 10 minutes after the request is made; if the token expires, users must request a new token.
Providing a text-enabled device number is optional. However, if you do not register a text-enabled device with your RDS user account, a one-time token cannot be provided to you via text (SMS) message. For text (SMS) messages, there is no charge from CMS' RDS Center, however standard rates from your carrier may apply. Refer to your plan for guidance.
One-time tokens are only to be used in cases of emergencies, when immediate access to the RDS Secure Website is necessary but you are not able to use Google Authenticator. One-time tokens cannot be the primary, recurring method of accessing the RDS Secure Website. Consequently, users can only use one-time tokens three consecutive times to log into the Secure Website. After three uses, users must use Google Authenticator to log in, at which time their one-time token use is reset back to zero.
Refer to Multi-Factor Authentication for additional information.