A TOTP (Time-based One-Time Password) is a temporary passcode generated by an algorithm for authenticating access to computer systems. It is a form of 2FA (two-factor authentication) enhancing security by requiring not only a password but also a time-sensitive code. The code, typically generated on a mobile device, expires after a short window, reducing the risk of interception and reuse.
From a risk management perspective, requiring TOTP for system access reduces the likelihood of credential-based attacks, such as phishing or brute force attempts. They are widely used to secure remote access, privileged accounts, and are becoming commonplace for everyday authentication.
Examples include Google Authenticator, Microsoft Authenticator, and RSA SecureID tokens.
Related pages: