What is a time-based one-time password?
A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors.
Why are TOTPs important?
Time-based one-time passwords provide additional security. Even if a user's traditional password is stolen or compromised, an attacker cannot gain access without the TOTP, which expires quickly.
How does a TOTP work?
Two-factor authentication (2FA) is a common method for verifying the identity of users. It authenticates users based on two conditions: something they know and something they have. For example, when users log into their bank accounts with their username and password, an SMS message or email with a random code is sent for them to enter into the banking service before they are logged in. The username and password are known to the user, and the random code is sent to a device the user owns.
TOTPs typically expire after 30, 60, 120 or 240 seconds.
Various methods are available for users to receive time-based one-time passwords, including the following:
What's the difference between time-based and non-time-based OTPs?
Time-based algorithms use the time -- along with a shared secret or token -- to generate a password. Non-time-based algorithms start with a seed value and use hash functions to generate passwords.
After the initial password is generated, the prior password is used as input to generate the next password.
TOTP is an approved standard of the Internet Engineering Task Force (IETF).
This article was written by Colin Steele in 2019. TechTarget editors revised it in 2022 to improve the reader experience.