time-based one-time password (TOTP)

Contributor(s): Colin Steele

A time-based one-time password (TOTP) is a temporary passcode, generated by an algorithm, for use in authenticating access to computer systems.

The algorithm that generates each password uses the current time of day as one of its inputs, ensuring that each password is unique. Time-based one-time passwords are commonly used for two-factor authentication and have seen growing adoption by cloud application providers. In two-factor authentication scenarios, a user must enter a traditional, static password and a TOTP to gain access.

There are various methods available for the user to receive a time-based one-time password, including:

  • hardware security tokens which display the password on a small screen;
  • mobile apps, such as Google Authenticator;
  • text messages sent from a centralized server.

Time-based one-time passwords provide additional security, because even if a user's traditional password is stolen or compromised, an attacker cannot gain access without the TOTP, which changes every 30 or 60 seconds. TOTP is an approved standard of the Internet Engineering Task Force (IETF). 


This was last updated in March 2014
