
TOTP (Time‑Based One‑Time Password)

Authentication

RFC 6238 one-time code derived from time.

Definition

TOTP generates short-lived one-time passwords by computing an HMAC over a shared secret and a counter derived from the current time divided into fixed steps (e.g., 30 seconds), then truncating the HMAC output to a code of typically 6–8 digits.

In plain English: RFC 6238 one-time code derived from time.

Why this matters

Why it matters: It provides possession-factor verification without transmitting reusable secrets, limiting replay and credential stuffing success.
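The definition above describes the algorithm, and the point about replay describes what a verifier must enforce. The following is an added example, not code from this glossary: an RFC 4226/6238 generator using only the Python standard library, plus a verifier with a small clock-skew window and a "highest accepted counter" guard so a captured code cannot be replayed within its validity window. The secret, the window size of one step and the class name `TotpVerifier` are assumptions chosen for illustration; the eight-digit test values quoted in the comments are the SHA-1 reference vectors published in RFC 6238.

```python
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC(secret, counter) followed by dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F                      # low nibble of last byte picks the window
    code = ((mac[offset] & 0x7F) << 24          # clear the sign bit
            | mac[offset + 1] << 16
            | mac[offset + 2] << 8
            | mac[offset + 3])
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, t0: int = 0,
         digits: int = 6, algorithm=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the number of elapsed time steps."""
    counter = (unix_time - t0) // step
    return hotp(secret, counter, digits, algorithm)


def decode_base32_secret(encoded: str) -> bytes:
    """Authenticator apps usually share the secret as unpadded base32; restore padding."""
    cleaned = encoded.strip().replace(" ", "").upper()
    return base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))


class TotpVerifier:
    """Server-side check with skew tolerance and replay protection (illustrative, assumed design)."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.secret = secret
        self.step = step
        self.digits = digits
        self.window = window            # accept +/- this many steps of clock drift
        self._last_counter = None       # highest counter already consumed by a successful login

    def verify(self, code: str, unix_time: int) -> bool:
        current = unix_time // self.step
        for delta in range(-self.window, self.window + 1):
            counter = current + delta
            # Replay guard: never accept a counter at or below one already used.
            if self._last_counter is not None and counter <= self._last_counter:
                continue
            expected = hotp(self.secret, counter, self.digits)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected, code):
                self._last_counter = counter
                return True
        return False


if __name__ == "__main__":
    # RFC 6238 Appendix B, SHA-1, 8 digits: T=59 -> 94287082, T=1111111109 -> 07081804
    rfc_secret = b"12345678901234567890"
    print(totp(rfc_secret, 59, digits=8), totp(rfc_secret, 1111111109, digits=8))

    verifier = TotpVerifier(rfc_secret, digits=8)
    code = totp(rfc_secret, 59, digits=8)
    print(verifier.verify(code, 59))    # first use: accepted
    print(verifier.verify(code, 59))    # same code again: rejected as a replay
```

The window of one step on each side is the usual compromise between tolerating phone clock drift and keeping the set of valid codes small; widening it multiplies the number of codes an attacker could guess per attempt, so pair it with rate limiting on failed verifications.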

Example

Example: An RFC 6238-compatible authenticator app used as the second factor.