Time-based one-time password: Difference between revisions

TOTP - Time-based One-time Password Algorithm is an extension of the HMAC-based One Time Password algorithm HOTP to support time based moving factor. TOTP was submitted to the IETF as an Internet-Draft. It is a cornerstone of Initiative For Open Authentication (OATH).

TOTP can be used to authenticate a user in a system via an authentication server. Also, if some more steps are carried out, the user can also authenticate the validation server.

The TOTP draft was developed through the collaboration of several OATH members in order to create an industry-backed standard. It complements the event-based one-time standard HOTP, and offers end user organizations and enterprises more choice in selecting technologies that best fit their application requirements and security guidelines.

In addition, OATH also submitted the final version of the OCRA (OATH Challenge-Response Algorithms) specification to the IETF. This version incorporates all the feedback and commentary that the authors received from the technical community based on the prior versions submitted to the IETF.^[1]

Google have implemented a version of TOTP in their Google Authenticator with is the basis of their two-step authentication.^[2]

• Initiative For Open Authentication
• HOTP

• Draft from IETF web site
• Initiative for Open Authentication
• OATH Toolkit is an implementation in C as a shared library, command line tool and PAM module