Time-based One-Time Password (TOTP)
TOTP generates short-lived codes that change every fixed time interval.
Updated: 2026-03-05
Definition
TOTP is an algorithm that generates one-time passcodes using a shared secret and the current time (often 30-second windows).
It’s commonly used by authenticator apps as a second factor for 2FA/MFA.
Key points
- Codes are time-limited (e.g., 30 seconds)
- Depends on a shared secret stored on server + device
- More resistant than SMS to SIM-swap attacks
Common mistakes
- Confusing TOTP with SMS OTP (delivery method matters for security).
- Not protecting backup codes (they can bypass TOTP).