(Redirected from Time-based One-time Password Algorithm)

The Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. It has been adopted as Internet Engineering Task Force[1] standard RFC 6238,[1] is the cornerstone of Initiative For Open Authentication (OATH), and is used in a number of two-factor authentication systems.

TOTP is an example of a hash-based message authentication code (HMAC). It combines a secret key with the current timestamp using a cryptographic hash function to generate a one-time password. Because network latency and out-of-sync clocks can result in the password recipient having to try a range of possible times to authenticate against, the timestamp typically increases in 30-second intervals, which thus cuts the potential search space.

In a typical two-factor authentication application, setup proceeds as follows: a user enters username and password into a website or other server, the server generates a secret key which the user enters on to their TOTP application on a smartphone or other device (often by scanning a QR code). To verify that process worked, the user application immediately generates a one-time password to be checked by the server.

On subsequent authentications, the user enters their username, password and the current one-time password. The server checks the username and password as normal then also runs TOTP to verify the entered one-time password. For this to work, the clocks of the user's device and the server need to be roughly synchronized (the server will typically accept one-time passwords generated from timestamps that differ by ±1 time interval from the client's timestamp).

## Algorithm

To establish TOTP authentication, both parties must agree HOTP parameters, and additionally:

• T0, the Unix time from which to start counting time steps (defaults is 0)
• TX, an interval which will be used to calculate the value of the counter CT (defaults is 30 seconds)

Both the server and the client compute the token, then the server checks if the token supplied by the client matches the locally-generated token. Some servers allow codes that should have been generated before or after the current time in order to account for slight clock skews, network latency and user delays.

### TOTP value

TOTP uses the HOTP algorithm, substituting the counter with a non-decreasing value based on the current time.

TOTPvalue(K) = HOTPvalue(K, CT)

The time counter, CT, is an integer counting the number of durations, TX, in the difference between the current Unix time and some epoch (T0; cf. Unix epoch).

${\displaystyle C_{T}=\left\lfloor {\frac {T-T_{0}}{T_{X}}}\right\rfloor ,}$

Note that Unix time is not monotonic; specifically, when leap seconds are inserted into UTC.

## Weaknesses and vulnerabilities

TOTP codes can be phished just as passwords can, though they require phishers to proxy the credentials in real time rather than collect them later on in time.

Implementations that don't limit login attempts are vulnerable to brute forcing of codes.

An attacker who steals the shared secret can generate new, valid TOTP codes at will. This can be a particular problem if the attacker breaches a large authentication database.[2]

Because TOTP devices have batteries that go flat, clocks that can de-sync, and software versions are on phones that can be lost and/or stolen, all real-world implementations have methods to bypass the protection (e.g.: printed codes, email-resets, etc.). This can cause a considerable support burden for large user-bases, and also gives fraudulent users additional vectors to exploit.

TOTP codes are valid for longer than the amount of time they show on the screen (typically twice as long). This is a concession that the authenticating and authenticated sides' clocks can be skewed by a large margin.

All One Time Password-based authentication schemes (TOTP and HOTP included, among others) are still vulnerable to session hijacking, i.e., commandeering a user's session after they have logged in.

## History

A TOTP draft was developed through the collaboration of several OATH members in order to create an industry-backed standard. It complements the event-based one-time standard HOTP and offers end user organizations and enterprises more choice in selecting technologies that best fit their application requirements and security guidelines. In 2008, OATH submitted a draft version of the specification to the IETF. This version incorporates all the feedback and commentary that the authors received from the technical community based on the prior versions submitted to the IETF.[3] In May, 2011, TOTP officially became RFC 6238.[1]

## Server implementations

Company Product or part
Microsoft Two-step verification[5]
Salesforce.com Account access, step-up authentication
Authy Account access, step-up authentication[6]
ServiceNow [7]
Amazon Amazon Web Services[10]
Bitbucket Account access[11]
Dropbox Account access[12]
Evernote Account access[13]
Gandi Account access[14]
Zoho Account access[15]
GitHub Account access[16]
Hiveage Account access[17]
LastPass Account access[18]
Linode Account access[19]
Wordpress.com Account access[20]
Hover Account access[21]
LinOTP
OpenAM Java-based single sign-on
ownCloud Account access[22]
Nextcloud Two-factor authentication[23]
multiOTP Tooling, web site integration, web service, radius plugin
privacyIDEA Authentication backend
XenForo [24]
Symantec VIP access[25]
HashiCorp Vault[26][27][28]
Yandex Account access[29][30]

## Client implementations

Company Description Cloud sync Operating system Non-default
Windows Mac Linux iOS Android Token length Hash method Interval Epoch
Google Authenticator Developed by Google and published in Playstore and AppStore No No No No Yes Yes No No No No
Microsoft Authenticator Developed by Microsoft No No No No Yes Yes Yes Unknown Unknown Unknown
1Password Securely encrypted cross-platform password manager with strong, built-in[31] Yes Yes Yes Yes Yes Yes No Unknown Unknown Unknown
Authy Developed by Twilio after an acquisition in 2015.[32] Also available for Chrome webstore. Yes Yes Yes No Yes Yes Yes No No No
Enpass[33] Password manager developed by Sinew Software Systems syncs over multiple back-ends. Yes Yes Yes Yes Yes Yes Unknown Unknown Unknown Unknown
FreeOTP[34] FreeOTP has been developed from Google Authenticator and maintained by RedHat No No No No Yes Yes Yes Yes Yes No
oathtool[35] oathtool is a command-line interface for generating OTP codes on Linux. No No No Yes No No Yes Yes Yes Yes
privacyIDEA Authenticator[36] privacyIDEA Authenticator is an Android App that implements HOTP and TOTP with a secure enrollment process for use with the privacyIDEA Authentication Server. No No No No No Yes Unknown Unknown Yes No
andOTP[37] andOTP is an Open-source two-factor authentication App for Android 4.4+ which implements Time-based One-time Passwords (TOTP) like specified in RFC 6238. It is also compatible with Google Authenticator. No No No No No Yes No No Yes No
Invantive Authenticator[38] TOTP password app, focusing on integration with Invantive Keychain. No Yes No No No No Yes Yes Yes Yes
LastPass Authenticator[39] A cross-platform OTP management solution for mobile devices with cloud backup support. Also available for Windows Mobile. Launched in March 2016. Yes No No No Yes Yes No No No No
TOTP.APP[40] A simple web-based TOTP Authenticator without registration. No Yes Yes Yes Yes Yes No No No No
Yubico[41] Yubico provides the Yubikey Authenticator for Desktop and Authenticator for Mobile applications. Also available on Linux. No Yes Yes Yes No Yes Unknown Unknown Unknown Unknown
KeePassXC[42] KeePassXC is primarily a password manager, but has support for TOTP since version 2.2.0. No Yes Yes Yes No No Yes Unknown Yes Unknown

Google Authenticator does not support T0, TX values, hash methods and token lengths different from the default. It also expects the K secret key to be entered (or supplied in a QR code) in base-32 encoding according to RFC 3548.[43]

## References

1. ^ a b c "RFC 6238 - TOTP: Time-Based One-Time Password Algorithm". Retrieved July 13, 2011.
2. ^ Zetter, Kim. "RSA Agrees to Replace Security Tokens After Admitting Compromise". WIRED. Retrieved 2017-02-17.
3. ^ Alexander, Madison. "OATH Submits TOTP: Time-Based One Time Password Specification to IETF". Open Authentication. Retrieved 22 February 2010.
4. ^ "One Time Password Token Generator - OTP Authentication App - OTP Service Provider". OneLogin. Retrieved 2018-09-07.
5. ^ "Microsoft Account Gets More Secure". The Official Microsoft Blog. Retrieved 17 April 2013.
6. ^ "Spend 1 Day To 2FA Your VPN - Authy". Authy. 2017-01-01. Retrieved 26 April 2017.
7. ^
8. ^ "google-authenticator – Project Hosting on Google Code". Retrieved 22 February 2010.
9. ^ "Extra security feature". Retrieved 30 January 2014.
10. ^ "AWS Multi-Factor Authentication". Retrieved 6 March 2012.
11. ^ "Two-step verification is here". Retrieved 11 September 2015.
12. ^ "Another layer of security for your Dropbox account". Retrieved 4 May 2013.
13. ^ "Two-Step Verification Available to All Users". Retrieved 5 January 2015.
14. ^ "Gandi rolls out two-factor authentication". Retrieved 21 November 2013.
15. ^ "Two Factor Authentication". Retrieved 26 July 2017.
16. ^ "About Two-Factor Authentication". Retrieved 4 September 2013.
17. ^ "Introducing Two-Step Verification". Retrieved 7 February 2017.
18. ^ "Introducing Support for Google Authenticator". Retrieved 4 November 2011.
19. ^ "Linode Manager Two-Step Authentication". Retrieved 2 May 2013.
20. ^ "Two Step Authentication". WordPress. Retrieved 29 January 2014.
21. ^ "Two-step Signin is Here". Retrieved 25 February 2014.
22. ^ "A Two-Factor-Auth Provider for TOTP (e.g. Google Authenticator)". Retrieved 30 April 2017.
23. ^ "Nextcloud 11 sets new standard for security and scalability". Nextcloud. Retrieved 23 December 2016.
24. ^ "[FreddysHouse] Two-factor Authentication". FreddysHouse. Retrieved 10 February 2014.
25. ^ "Reversing the Symantec VIP Access Provisioning Protocol". September 29, 2014.
26. ^ "Vault 0.7.1". May 5, 2017.
27. ^ "Vault TOTP Secret Backend". Retrieved July 7, 2017.
28. ^ "Vault TOTP Secret Backend HTTP API". Retrieved July 7, 2017.
29. ^ "Yandex.Passport". January 1, 2015.