TOTP is a time-based one-time password method that generates short-lived verification codes from a shared secret and the current time. It matters because short-lived rotating codes can improve login security without relying on constant network delivery.
What is TOTP?
Time-Based One-Time Password, or TOTP, is widely used in authenticator apps and MFA systems. Both the client and server derive a code from the same shared secret and the current time, so the server can recompute independently the code the user enters, and that code changes at every fixed time step.
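The derivation described above, as an added example that is not part of the original page: a standard-library Python implementation of HOTP (RFC 4226) and TOTP (RFC 6238), plus a server-side verifier that tolerates one step of clock drift, compares in constant time, and refuses to accept the same time step twice. The secret is the ASCII test-vector key from the RFCs; the function names, the one-step window and the "last counter used" storage convention are this example's own choices, not something the page specifies.

```python
"""Added example (not from the original page): HOTP/TOTP per RFC 4226 / RFC 6238
with a drift-tolerant, replay-resistant server-side verifier.  Standard library only."""
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional, Tuple

# Secret from the RFC 4226 / RFC 6238 test vectors (ASCII "12345678901234567890").
# Real deployments generate a random per-user secret at enrollment.
RFC_TEST_SECRET = b"12345678901234567890"


def secret_from_base32(text: str) -> bytes:
    """Enrollment secrets are usually shown Base32-encoded; tolerate spaces,
    lowercase and missing '=' padding, which authenticator apps commonly omit."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm=hashlib.sha1) -> str:
    """HOTP(K, C): HMAC over the 8-byte big-endian counter, dynamic truncation
    to 31 bits, then reduce modulo 10^digits and left-pad with zeros."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: Optional[int] = None, step: int = 30,
         digits: int = 6, algorithm=hashlib.sha1) -> str:
    """TOTP = HOTP(K, floor(now / step)): client and server derive the same
    counter from their clocks, so no code ever has to be transmitted to the client."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(secret, unix_time // step, digits, algorithm)


def verify_totp(secret: bytes, submitted: str, last_counter_used: int,
                unix_time: Optional[int] = None, step: int = 30,
                digits: int = 6, window: int = 1) -> Tuple[bool, int]:
    """Server-side check (design choices of this example, not mandated by the page):
    - accept the current step and `window` steps either side to absorb clock drift;
    - compare with hmac.compare_digest so timing does not leak which digit was wrong;
    - never accept a counter <= the last one already used, so a code captured during
      its validity window cannot be submitted a second time.
    Returns (accepted, counter_to_persist); the caller stores the counter on success."""
    if unix_time is None:
        unix_time = int(time.time())
    current = unix_time // step
    for candidate in range(current - window, current + window + 1):
        if candidate <= last_counter_used:
            continue  # already consumed (or older): treat as replay
        expected = hotp(secret, candidate, digits)
        if hmac.compare_digest(expected, submitted):
            return True, candidate
    return False, last_counter_used


if __name__ == "__main__":
    # RFC 6238 Appendix B vector: T=59, SHA-1, 8 digits -> 94287082
    print("TOTP at T=59:", totp(RFC_TEST_SECRET, 59, digits=8))
    ok, ctr = verify_totp(RFC_TEST_SECRET, "94287082", last_counter_used=0, unix_time=59, digits=8)
    print("first use accepted:", ok, "persist counter", ctr)
    ok, ctr = verify_totp(RFC_TEST_SECRET, "94287082", last_counter_used=ctr, unix_time=59, digits=8)
    print("replay accepted:", ok)
```

The verifier returns the counter it accepted so the application can persist it per user; without that bookkeeping a code stays reusable for its whole validity window, which is exactly the gap a phished or shoulder-surfed code exploits.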
What TOTP Commonly Supports
Common uses include authenticator apps, consumer and workforce MFA, offline-capable second factors, and step-up authentication scenarios.
TOTP vs. SMS OTP
TOTP codes are generated locally from a shared secret and time. SMS OTP codes are delivered over the phone network and depend on message delivery.
Frequently Asked Questions
Why is TOTP useful?
Because it avoids some telecom-based weaknesses and can work offline once the secret is enrolled.
Is TOTP phishing-resistant?
No. It is useful and common, but entered codes can still be captured by phishing or real-time adversary-in-the-middle attacks.