What is Time Based One Time Password (TOTP)? – Definition, and More

Kamran Sharief

3 years ago

Table of Contents

TOTP Definition

The TOTP process is an extension of the HOTP, which generates a unique password by taking the uniqueness of the current time.

TOTP token services depend on a physical device, rather than a telephone number.

In addition to increased security, TOTP provides benefits that include working without an Internet connection.

And also, it has compatibility with a variety of applications such as Google Authenticator, Microsoft Authenticator, and password managers.

Also Read: What Is APR (Annual Percentage Rate)? How Does It Work?

The time-based one-time password algorithm uses the keyed hash message authentication code (HMAC) to calculate the time-dependent passwords.
A secret key agreed between the user and the system to log in and time information coordinated between the user and the system.
The Unix time, which counts the seconds since January 1, 1970, 00:00 UTC, serves as time information.
The number of seconds rounded to 30 seconds. The algorithm generates a hash value from this rounded number and the secret key.
It is shortened to a particular bit length and displayed using a modulo operation as a six or eight-digit decimal number.
If there is no sufficiently synchronized and precise time information available, the authentication fails.

In addition to TOTP, the so-called HMAC-based One-time Password (HOTP) is another method for generating one-time passwords.
To generate the one-time password to the secret key, it is not the rounded second value, but it uses an event-controlled counter.
The counter increases by one for the generation of each new password. The counter on the server also increases after each successful authentication.
Since the counters can diverge with this method and it cannot be synchronized, and the servers generally accept a number of one-time passwords.
Only when the one-time password is outside the window does the authentication fail.

TOTP often used to create a further authentication feature in the context of two-factor authentication.

It generates a unique hardware token or an app on the user’s smartphone.
Thanks to TOTP, the time-dependent one-time password can only be used for a limited time.
Since unauthorized persons can have a one-time password and it is valid for a short time, two-factor authentication via TOTP considers being extremely secure.
However, the secret key for generating the passwords must not disclose to unauthorized persons.

Also Read: What is Alexa? – Definition,Types, Privacy, and More

Also You can find more helpful resources at royalbeautyblog