Definition

time-based one-time password (TOTP)

Contributor(s): Colin Steele

A time-based one-time password (TOTP) is a temporary passcode, generated by an algorithm, for use in authenticating access to computer systems.

The algorithm that generates each password uses the current time of day as one of its factors, ensuring that each password is unique. Time-based one-time passwords are commonly used for two-factor authentication and have seen growing adoption by cloud application providers. In two-factor authentication scenarios, a user must enter a traditional, static password and a TOTP to gain access. 

There are various methods available for the user to receive a time-based one-time password, including:

  • hardware security tokens which display the password on a small screen;
  • mobile apps, such as Google Authenticator;
  • text messages sent from a centralized server.

Time-based one-time passwords provide additional security, because even if a user's traditional password is stolen or compromised, an attacker cannot gain access without the TOTP, which changes every 30 or 60 seconds. TOTP is an approved standard of the Internet Engineering Task Force (IETF). 

 

This was last updated in March 2014

Continue Reading About time-based one-time password (TOTP)

Dig Deeper on Web Authentication and Access Control

PRO+

Content

Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close