security en
Time-based one-time password
security
Also called: TOTP
Plain-language definition
Plain-language definition
A short code generated from a shared secret and the current time.
Why it matters
TOTP adds a possession factor but users still need phishing awareness and secure recovery options.
Technical detail
TOTP derives a changing numeric value from a secret key and time step; verifier and authenticator clocks must remain close enough for accepted windows.
Examples
- An authenticator app generates a new six-digit code every 30 seconds.
Related terms
Sources and review
Reviewed July 12, 2026 by e2e-1783854138445-0citu53rtqqe@test.repairyour.tech. Next review due January 11, 2027.
- Digital Identity Guidelines Glossary — National Institute of Standards and Technology Accessed 7/11/2026
See something we should improve?
Suggest a correction to “Time-based one-time password.” Suggestions are reviewed before the published definition changes.