What are the differences between OTPs and TOTPs?

What are the differences between OTPs and TOTPs?

OTPs (One-Time Passwords) and TOTPs (Time-Based One-Time Passwords) are both used for authentication purposes, but they differ in terms of how they generate the one-time passwords.

OTPs are typically generated using a hardware or software token that generates a unique password for each authentication attempt. These passwords can be generated using algorithms such as HOTP (HMAC-based One-Time Password) or TOTP (Time-based One-Time Password). HOTP generates a new password each time the token is used, while TOTP generates a password that is valid for a specific period of time (usually 30 seconds).

On the other hand, TOTPs are generated based on the current time and a shared secret key between the user and the service provider. The TOTP algorithm combines the current time with the secret key to generate a unique one-time password that changes periodically, typically every 30 seconds. The user enters the current TOTP displayed on their device, and the service provider validates it against the expected TOTP generated using the same shared secret key and current time.

In summary, while OTPs are generated using a token, TOTPs are generated based on the current time and a shared secret key. TOTPs are more widely used today because they offer better security than traditional static passwords, and they do not require a separate token device.

Back