The algorithm that generates each password uses the current time of day as one of its factors, ensuring that each password is unique. Time-based one-time passwords are commonly used for two-factor authentication and have seen growing adoption by cloud application providers. In two-factor authentication scenarios, a user must enter a traditional, static password and a TOTP to gain access.
There are various methods available for the user to receive a time-based one-time password, including:
- hardware security tokens which display the password on a small screen;
- mobile apps, such as Google Authenticator;
- text messages sent from a centralized server.
Time-based one-time passwords provide additional security, because even if a user's traditional password is stolen or compromised, an attacker cannot gain access without the TOTP, which changes every 30 or 60 seconds. TOTP is an approved standard of the Internet Engineering Task Force (IETF).