TOTP - Time-based One-time Password Algorithm is an extension of the HMAC-based One Time Password algorithm HOTP to support a time based moving factor. TOTP is an Internet Engineering Task Force standard[1] and a cornerstone of Initiative For Open Authentication (OATH).
Contents |
TOTP can be used to authenticate a user in a system via an authentication server. If some more steps are carried out, the user can also authenticate the validation server.
A TOTP draft was developed through the collaboration of several OATH members in order to create an industry-backed standard. It complements the event-based one-time standard HOTP and offers end user organizations and enterprises more choice in selecting technologies that best fit their application requirements and security guidelines. In 2008, OATH submitted a draft version of the specification to the IETF. This version incorporates all the feedback and commentary that the authors received from the technical community based on the prior versions submitted to the IETF.[2] In May, 2011, TOTP officially became RFC 6238.[1]
Google has implemented a version of TOTP in their Google Authenticator which is the basis of its two-factor authentication.[3]