A B C D E F G H I J K L M N O P Q R S T U V W Z
Ta Te Th Ti Tl To Tr Ty
Tok Tot Tox

TOTP

TOTP is a time-based one-time password method that generates short-lived verification codes from a shared secret and the current time. It matters because short-lived rotating codes can improve login security without relying on constant network delivery.

What is TOTP?

Time-Based One-Time Password, or TOTP, is widely used in authenticator apps and MFA systems. Both the client and server derive a code from the same shared secret and the current time, allowing the user to enter a code that changes every short interval.

What TOTP Commonly Supports

Common uses include authenticator apps, consumer and workforce MFA, offline-capable second factors, and step-up authentication scenarios.

TOTP vs. SMS OTP

TOTP codes are generated locally from a shared secret and time. SMS OTP codes are delivered over the phone network and depend on message delivery.

Frequently Asked Questions

Why is TOTP useful?

Because it avoids some telecom-based weaknesses and can work offline once the secret is enrolled.

Is TOTP phishing-resistant?

No. It is useful and common, but entered codes can still be captured by phishing or real-time adversary-in-the-middle attacks.

Related Cybersecurity Terms

George Mutune

I am a cyber security professional with a passion for delivering proactive strategies for day to day operational challenges. I am excited to be working with leading cyber security teams and professionals on projects that involve machine learning & AI solutions to solve the cyberspace menace and cut through inefficiency that plague today's business environments.