
The Time-based One-time Password algorithm (TOTP) is an extension of the HMAC-based One-time Password algorithm (HOTP) that generates a one-time password by taking its uniqueness from the current time rather than from an event counter. It has been adopted as Internet Engineering Task Force (IETF) standard RFC 6238,[1] is the cornerstone of the Initiative For Open Authentication (OATH), and is used in a number of two-factor authentication systems.
Because of latency, both network and human, and unsynchronised clocks, the one-time password must validate over a range of times between the authenticator and the authenticated. To allow this, time is downsampled into larger steps (e.g., 30 seconds) so that both parties derive the same value anywhere within a step. However, as with HOTP, the decreased uniqueness requires additional countermeasures, such as rate limiting.
Algorithm
To establish TOTP authentication, both parties must agree on both HOTP parameters and the additional TOTP parameters:
- T0, the Unix time from which to start counting time steps (default is 0)
- TX, an interval which will be used to calculate the value of the counter CT (default is 30 seconds)
Both the server and the client compute the TOTP value, then the server checks if the TOTP value supplied by the client matches the locally-generated TOTP value. Some servers allow values that should have been generated before or after the current time in order to account for slight clock skews, network latency and user delays.
TOTP value
TOTP uses the HOTP algorithm, substituting the counter with a non-decreasing value based on the current time.
- TOTP value(K) = HOTP value(K, CT)
The time counter, CT, is an integer counting the number of durations, TX, in the difference between the current Unix time, T, and some epoch, T0 (cf. Unix epoch), all of these values being in integer seconds.
Note that Unix time is not monotonic, specifically when leap seconds are inserted into UTC.
Practical considerations
For subsequent authentications to work, the clocks of the user's device and the server need to be roughly synchronized (the server will typically accept one-time passwords generated from timestamps that differ by ±1 time interval from the client's timestamp).
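The two pieces described above, the TOTP value computed from the time counter CT and the server-side acceptance of neighbouring time steps, as an added Python example that is not code from RFC 6238 or from any product on this page. It uses the 20-byte ASCII test key and the SHA-1 test vectors published in RFC 4226/RFC 6238; the `window` parameter and the function names are this example's own.

```python
import hashlib
import hmac
import struct

# Constructed sample: the 20-byte ASCII test key from RFC 4226 / RFC 6238 (SHA-1 column).
RFC_TEST_KEY = b"12345678901234567890"


def hotp(key: bytes, counter: int, digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                        # low nibble of last byte selects 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)  # keep leading zeros


def time_counter(t: int, t0: int = 0, tx: int = 30) -> int:
    """C_T = floor((T - T0) / T_X); every argument is in integer seconds."""
    return (t - t0) // tx


def totp(key: bytes, t: int, digits: int = 6, t0: int = 0, tx: int = 30,
         digestmod=hashlib.sha1) -> str:
    """TOTP(K) = HOTP(K, C_T): the event counter is replaced by the time step."""
    return hotp(key, time_counter(t, t0, tx), digits, digestmod)


def verify_totp(key: bytes, submitted: str, t: int, window: int = 1, digits: int = 6,
                t0: int = 0, tx: int = 30, digestmod=hashlib.sha1) -> bool:
    """Server-side check: accept the code for C_T and for `window` steps either side.

    With window=1 and tx=30 a code is accepted for up to 90 seconds, which is why a
    value stays valid for longer than the countdown shown on the client.
    """
    ct = time_counter(t, t0, tx)
    accepted = False
    for step in range(ct - window, ct + window + 1):
        if step < 0:                               # no time steps before the epoch
            continue
        expected = hotp(key, step, digits, digestmod)
        # Constant-time compare, and no early return, so timing does not reveal the match.
        accepted |= hmac.compare_digest(expected.encode(), submitted.encode())
    return accepted


if __name__ == "__main__":
    # RFC 6238 Appendix B, SHA-1, 8 digits: T=59 -> 94287082, T=1111111109 -> 07081804
    print(totp(RFC_TEST_KEY, 59, digits=8), totp(RFC_TEST_KEY, 1111111109, digits=8))
    # The T=59 code is still accepted one step later (T=89) but not two steps later (T=119).
    print(verify_totp(RFC_TEST_KEY, "94287082", t=89, digits=8),
          verify_totp(RFC_TEST_KEY, "94287082", t=119, digits=8))
```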
Weaknesses and vulnerabilities
TOTP values can be phished just as passwords can, though they require phishers to proxy the credentials in real time rather than collect them later on in time.
Implementations that don't limit login attempts are vulnerable to brute forcing of values.
An attacker who steals the shared secret can generate new, valid TOTP values at will. This can be a particular problem if the attacker breaches a large authentication database.[2]
Because TOTP devices have batteries that go flat and clocks that can de-sync, and TOTP software runs on phones that can be lost or stolen, all real-world implementations have methods to bypass the protection (e.g., printed codes or email resets). This can cause a considerable support burden for large user bases, and also gives fraudulent users additional vectors to exploit.
TOTP values are valid for longer than the amount of time they show on the screen (typically twice as long). This is a concession that the authenticating and authenticated sides' clocks can be skewed by a large margin.
All one-time password-based authentication schemes (TOTP and HOTP included, among others) are still vulnerable to session hijacking, i.e., commandeering a user's session after they have logged in.
History
A TOTP draft was developed through the collaboration of several OATH members in order to create an industry-backed standard. It complements the event-based one-time password standard HOTP and offers end-user organizations and enterprises more choice in selecting technologies that best fit their application requirements and security guidelines. In 2008, OATH submitted a draft version of the specification to the IETF. This version incorporated all the feedback and commentary that the authors had received from the technical community on the prior versions submitted to the IETF.[3] In May 2011, TOTP officially became RFC 6238.[1]
Server implementations
Company | Product or part
---|---
OneLogin | [4]
Microsoft | Two-step verification[5]
Salesforce.com | Account access, step-up authentication
Authy | Account access, step-up authentication[6]
ServiceNow | [7]
Google | Google Authenticator[8]
| Login approval, code generator[9]
Amazon | Amazon Web Services[10]
Bitbucket | Account access[11]
Dropbox | Account access[12]
Evernote | Account access[13]
Gandi | Account access[14]
Zoho | Account access[15]
GitHub | Account access[16]
Hiveage | Account access[17]
LastPass | Account access[18]
Linode | Account access[19]
Wordpress.com | Account access[20]
Hover | Account access[21]
LinOTP |
OpenAM | Java-based single sign-on
ownCloud | Account access[22]
Nextcloud | Two-factor authentication[23]
multiOTP | Tooling, web site integration, web service, RADIUS plugin
privacyIDEA | Authentication backend
XenForo | [24]
Symantec | VIP Access[25]
HashiCorp | Vault[26][27][28]
Yandex | Account access[29][30]
Client implementations
Implementation | Description | Online sync | Windows | Mac | Linux | iOS | Android | Non-default value length, d | Non-default hash, H | Non-default interval, TX | Non-default epoch, T0
---|---|---|---|---|---|---|---|---|---|---|---
Google Authenticator | | No | No | No | No | Yes | Yes | No | No | No | No
Microsoft Authenticator | | No | No | No | No | Yes | Yes | Yes | Unknown | Unknown | Unknown
1Password | Cross-platform password manager[31] | Yes | Yes | Yes | Yes | Yes | Yes | No | Unknown | Unknown | Unknown
Authy | By Twilio, from 2015, originally Authy.[32] Also available for Chrome. | Yes | Yes | Yes | No | Yes | Yes | Yes | No | No | No
Enpass[33] | Password manager by Sinew Software Systems. Syncs over multiple back-ends. | Yes | Yes | Yes | Yes | Yes | Yes | Unknown | Unknown | Unknown | Unknown
FreeOTP[34] | Maintained by Red Hat, and based on Google Authenticator. | No | No | No | No | Yes | Yes | Yes | Yes | Yes | No
oathtool[35] | Command-line tool for generating OTP tokens. | No | No | No | Yes | No | No | Yes | Yes | Yes | Yes
privacyIDEA Authenticator[36] | For use with privacyIDEA Authentication Server, with a secure enrollment process. | No | No | No | No | No | Yes | Unknown | Unknown | Yes | No
andOTP[37] | Open-source app for Android 4.4+. Compatible with Google Authenticator. | No | No | No | No | No | Yes | No | No | Yes | No
Invantive Authenticator[38] | Focuses on integration with Invantive Keychain. | No | Yes | No | No | No | No | Yes | Yes | Yes | Yes
LastPass Authenticator[39] | Cross-platform OTP for mobile devices with support for online backup. | Yes | Windows Phone | No | No | Yes | Yes | No | No | No | No
TOTP.APP[40] | Web-based authenticator not requiring registration. | No | Yes | Yes | Yes | Yes | Yes | No | No | No | No
Authenticator for Desktop[41] | By Yubico, for use with YubiKeys. | No | Yes | Yes | Yes | N/A | N/A | Unknown | Unknown | Unknown | Unknown
Authenticator for Android | | | N/A | N/A | N/A | No | Yes | | | |
KeePassXC[42] | Password manager | No | Yes | Yes | Yes | No | No | Yes | Unknown | Yes | Unknown
References
1. "RFC 6238 - TOTP: Time-Based One-Time Password Algorithm". Retrieved July 13, 2011.
2. Zetter, Kim. "RSA Agrees to Replace Security Tokens After Admitting Compromise". WIRED. Retrieved 2017-02-17.
3. Alexander, Madison. "OATH Submits TOTP: Time-Based One Time Password Specification to IETF". Open Authentication. Retrieved 22 February 2010.
4. "One Time Password Token Generator - OTP Authentication App - OTP Service Provider". OneLogin. Retrieved 2018-09-07.
5. "Microsoft Account Gets More Secure". The Official Microsoft Blog. Retrieved 17 April 2013.
6. "Spend 1 Day To 2FA Your VPN - Authy". Authy. 2017-01-01. Retrieved 26 April 2017.
7. "Multifactor authentication".
8. "google-authenticator – Project Hosting on Google Code". Retrieved 22 February 2010.
9. "Extra security feature". Retrieved 30 January 2014.
10. "AWS Multi-Factor Authentication". Retrieved 6 March 2012.
11. "Two-step verification is here". Retrieved 11 September 2015.
12. "Another layer of security for your Dropbox account". Retrieved 4 May 2013.
13. "Two-Step Verification Available to All Users". Retrieved 5 January 2015.
14. "Gandi rolls out two-factor authentication". Retrieved 21 November 2013.
15. "Two Factor Authentication". Retrieved 26 July 2017.
16. "About Two-Factor Authentication". Retrieved 4 September 2013.
17. "Introducing Two-Step Verification". Retrieved 7 February 2017.
18. "Introducing Support for Google Authenticator". Retrieved 4 November 2011.
19. "Linode Manager Two-Step Authentication". Retrieved 2 May 2013.
20. "Two Step Authentication". WordPress. Retrieved 29 January 2014.
21. "Two-step Signin is Here". Retrieved 25 February 2014.
22. "A Two-Factor-Auth Provider for TOTP (e.g. Google Authenticator)". Retrieved 30 April 2017.
23. "Nextcloud 11 sets new standard for security and scalability". Nextcloud. Retrieved 23 December 2016.
24. "[FreddysHouse] Two-factor Authentication". FreddysHouse. Retrieved 10 February 2014.
25. "Reversing the Symantec VIP Access Provisioning Protocol". September 29, 2014.
26. "Vault 0.7.1". May 5, 2017.
27. "Vault TOTP Secret Backend". Retrieved July 7, 2017.
28. "Vault TOTP Secret Backend HTTP API". Retrieved July 7, 2017.
29. "Yandex.Passport". January 1, 2015.
30. "Yandex now lets you log in without a login (or a password)". February 3, 2015.
31. "Use 1Password as an authenticator for sites with two-factor authentication". 1Password. Retrieved 2018-09-07.
32. Lardinois, Frederic (2015-02-24). "Twilio Acquires Two-Factor Authentication Service Authy". TechCrunch. Retrieved 2018-03-05.
33. "Best password manager for iOS, Android, Windows, Linux, Mac | Enpass". www.enpass.io. Retrieved 2018-09-07.
34. "FreeOTP". freeotp.github.io.
35. "OATH Toolkit". www.nongnu.org. Retrieved 2018-09-07.
36. "privacyIDEA Authenticator". GitHub. Retrieved 2018-09-07.
37. "andOTP/andOTP". GitHub.
38. Invantive Software B.V. "Invantive Authenticator". two-step-verification.solutions. Retrieved 2018-09-07.
39. "LastPass - LastPass Authenticator". lastpass.com. Retrieved 2018-09-07.
40. "Online one-time password generator / TOTP (Google Authenticator) Online". totp.app. Retrieved 2018-09-07.
41. "Using Your YubiKey with Authenticator Codes : Yubico Support". support.yubico.com.
42. KeePassXC Team. "KeePassXC 2.2.0 released - KeePassXC". keepassxc.org.