https://www.techtarget.com/searchsecurity/definition/time-based-one-time-password-TOTP
A time-based one-time password (TOTP) is a temporary passcode generated by an algorithm that uses the current time of day as one of its authentication factors.
Time-based one-time passwords are commonly used for two-factor authentication (2FA), providing a second authentication factor that works for a limited amount of time.
TOTPs provide additional account security. If a user's traditional password is stolen or compromised, an attacker cannot gain account access without the TOTP, which expires quickly.
2FA is a common authentication method for verifying users' identities. It authenticates users based on two conditions: something they know and something they have. For example, when users log into their bank accounts with their username and password, an SMS message or email with a random code is sent for them to input into the banking service prior to logging them in. The username and password are known to the user, and the random code is sent to a device the user owns.
TOTPs typically expire after 30 or 60 seconds.
Various methods for users to receive time-based one-time passwords include the following:
TOTPs can be generated offline when using a mobile authenticator app or a hardware security token. This is ideal for authenticating users with limited internet access.
Time-based algorithms use the time -- along with a shared secret or token -- to generate a password. Non-time-based algorithms start with a seed value and use hash functions to generate passwords.
After the initial password is generated, the prior password is used as input to generate the next password.
TOTP is an approved standard (RFC 6238) of the Internet Engineering Task Force (IETF). Other OTP standards include the S/KEY One-Time Password System (RFC 1760), One-Time Password System (RFC 2289) and the HMAC-Based One-Time Password Algorithm (RFC 4226).
Editor's note: Informa TechTarget editors revised this article in 2025 to improve the reader experience.
02 Jun 2025