Time-based one-time password

Last updated May 28, 2024

Time-based one-time password (TOTP) is a computer algorithm that generates a one-time password (OTP) using the current time as a source of uniqueness. As an extension of the HMAC-based one-time password algorithm (HOTP), it has been adopted as Internet Engineering Task Force (IETF) standard RFC 6238.^[1]

History

Through the collaboration of several OATH members, a TOTP draft was developed in order to create an industry-backed standard. It complements the event-based one-time standard HOTP, and it offers end user organizations and enterprises more choice in selecting technologies that best fit their application requirements and security guidelines. In 2008, OATH submitted a draft version of the specification to the IETF. This version incorporates all the feedback and commentary that the authors received from the technical community based on the prior versions submitted to the IETF.^[2] In May 2011, TOTP officially became RFC 6238.^[1]

Algorithm

To establish TOTP authentication, the authenticatee and authenticator must pre-establish both the HOTP parameters and the following TOTP parameters:

T₀, the Unix time from which to start counting time steps (default is 0),
T_X, an interval which will be used to calculate the value of the counter C_T (default is 30 seconds).

Both the authenticator and the authenticatee compute the TOTP value, then the authenticator checks whether the TOTP value supplied by the authenticatee matches the locally generated TOTP value. Some authenticators allow values that should have been generated before or after the current time in order to account for slight clock skews, network latency and user delays.

TOTP uses the HOTP algorithm, replacing the counter with a non-decreasing value based on the current time:

TOTP value(K) = HOTP value(K, C_T),

calculating counter value

C_{T}=\left\lfloor {\frac {T-T_{0}}{T_{X}}}\right\rfloor ,

where

C_T is the count of the number of durations T_X between T₀ and T,
T is the current time in seconds since a particular epoch,
T₀ is the epoch as specified in seconds since the Unix epoch (e.g. if using Unix time, then T₀ is 0),
T_X is the length of one time duration (e.g. 30 seconds).

Unix time is not strictly increasing. When a leap second is inserted into UTC, Unix time repeats one second. But a single leap second does not cause the integer part of Unix time to decrease, and C_T is non-decreasing as well so long as T_X is a multiple of one second.^{[ original research? ]}

Security

Unlike passwords, TOTP codes are single-use, so a compromised credential is only valid for a limited time. However, users must enter TOTP codes into an authentication page, which creates the potential for phishing attacks. Due to the short window in which TOTP codes are valid, attackers must proxy the credentials in real time.^[3]

TOTP credentials are also based on a shared secret known to both the client and the server, creating multiple locations from which a secret can be stolen.^[4] An attacker with access to this shared secret could generate new, valid TOTP codes at will. This can be a particular problem if the attacker breaches a large authentication database.^[5]

Related Research Articles

Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner. Its designers aimed it primarily at a client–server model, and it provides mutual authentication—both the user and the server verify each other's identity. Kerberos protocol messages are protected against eavesdropping and replay attacks.

The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution.

An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. In the simplest case, the authenticator is a common password.

Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized authentication, authorization, and accounting (AAA) management for users who connect and use a network service. RADIUS was developed by Livingston Enterprises in 1991 as an access server authentication and accounting protocol. It was later brought into IEEE 802 and IETF standards.

RSA SecurID, formerly referred to as SecurID, is a mechanism developed by RSA for performing two-factor authentication for a user to a network resource.

In computer security, challenge-response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.

S/KEY is a one-time password system developed for authentication to Unix-like operating systems, especially from dumb terminals or untrusted public computers on which one does not want to type a long-term password. A user's real password is combined in an offline device with a short set of characters and a decrementing counter to form a single-use password. Because each password is only used once, they are useless to password sniffers.

This glossary lists types of keys as the term is used in cryptography, as opposed to door locks. Terms that are primarily used by the U.S. National Security Agency are marked (NSA). For classification of keys according to their usage see cryptographic key types.

A one-time password (OTP), also known as a one-time PIN, one-time authorization code (OTAC) or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid several shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to something a person has as well as something a person knows.

Digest access authentication is one of the agreed-upon methods a web server can use to negotiate credentials, such as username or password, with a user's web browser. This can be used to confirm the identity of a user before sending sensitive information, such as online banking transaction history. It applies a hash function to the username and password before sending them over the network. In contrast, basic access authentication uses the easily reversible Base64 encoding instead of hashing, making it non-secure unless used in conjunction with TLS.

HMAC-based one-time password (HOTP) is a one-time password (OTP) algorithm based on HMAC. It is a cornerstone of the Initiative for Open Authentication (OATH).

OTPW is a one-time password system developed for authentication in Unix-like operating systems by Markus Kuhn. A user's real password is not directly transmitted across the network. Rather, a series of one-time passwords is created from a short set of characters and a set of one-time tokens. As each single-use password can only be used once, passwords intercepted by a password sniffer or key logger are not useful to an attacker.

Google Authenticator is a software-based authenticator by Google. It implements multi-factor authentication services using the time-based one-time password and HMAC-based one-time password, for authenticating users of software applications.

LinOTP is Linux-based software to manage authentication devices for two-factor authentication with one time passwords. It is implemented as a web service based on the python framework Pylons. Thus it requires a web server to run in.

multiOTP is an open source PHP class, a command line tool, and a web interface that can be used to provide an operating-system-independent, strong authentication system. multiOTP is OATH-certified since version 4.1.0 and is developed under the LGPL license. Starting with version 4.3.2.5, multiOTP open source is also available as a virtual appliance—as a standard OVA file, a customized OVA file with open-vm-tools, and also as a virtual machine downloadable file that can run on Microsoft's Hyper-V, a common native hypervisor in Windows computers.

<span class="mw-page-title-main">YubiKey</span> Hardware authentication device

The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance. It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows storing static passwords for use at sites that do not support one-time passwords. Google, Amazon, Microsoft, Twitter, and Facebook use YubiKey devices to secure employee accounts as well as end-user accounts. Some password managers support YubiKey. Yubico also manufactures the Security Key, a similar lower-cost device with only FIDO2/WebAuthn and FIDO/U2F support.

Nitrokey is an open-source USB key used to enable the secure encryption and signing of data. The secret keys are always stored inside the Nitrokey which protects against malware and attackers. A user-chosen PIN and a tamper-proof smart card protect the Nitrokey in case of loss and theft. The hardware and software of Nitrokey are open-source. The free software and open hardware enables independent parties to verify the security of the device. Nitrokey is supported on Microsoft Windows, macOS, Linux, and BSD.

The following is a general comparison of OTP applications that are used to generate one-time passwords for two-factor authentication (2FA) systems using the time-based one-time password (TOTP) or the HMAC-based one-time password (HOTP) algorithms.

<span class="mw-page-title-main">OnlyKey</span> Hardware security token

OnlyKey is a multi-function hardware security key combining features of a password manager, two-factor authentication (2FA) token, file encryption token, and secure storage device. The device incorporates hardware storage for password and username combinations, also acting as a portable password manager.

References

1 2 3 m'Raihi, David; Rydell, Johan; Pei, Mingliang; Machani, Salah (May 2011). "RFC 6238 – TOTP: Time-Based One-Time Password Algorithm". Archived from the original on July 11, 2011. Retrieved July 13, 2011.
↑ Alexander, Madison. "OATH Submits TOTP: Time-Based One Time Password Specification to IETF". Open Authentication. Archived from the original on 9 April 2013. Retrieved 22 February 2010.
↑ Umawing, Jovi (21 January 2019). "Has two-factor authentication been defeated? A spotlight on 2FA's latest challenge". Malwarebytes Labs. Archived from the original on 25 September 2020. Retrieved 9 August 2020.
↑ "Time-Based One-Time Passwords (TOTP)". www.transmitsecurity.com. 25 June 2020. Retrieved 2 May 2022.
↑ Zetter, Kim. "RSA Agrees to Replace Security Tokens After Admitting Compromise". WIRED. Archived from the original on 12 November 2020. Retrieved 17 February 2017.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[RFC6238-1] 1 2 3 m'Raihi, David; Rydell, Johan; Pei, Mingliang; Machani, Salah (May 2011). "RFC 6238 – TOTP: Time-Based One-Time Password Algorithm". Archived from the original on July 11, 2011. Retrieved July 13, 2011.

[2] Alexander, Madison. "OATH Submits TOTP: Time-Based One Time Password Specification to IETF". Open Authentication. Archived from the original on 9 April 2013. Retrieved 22 February 2010.

[3] Umawing, Jovi (21 January 2019). "Has two-factor authentication been defeated? A spotlight on 2FA's latest challenge". Malwarebytes Labs. Archived from the original on 25 September 2020. Retrieved 9 August 2020.

[4] "Time-Based One-Time Passwords (TOTP)". www.transmitsecurity.com. 25 June 2020. Retrieved 2 May 2022.

[5] Zetter, Kim. "RSA Agrees to Replace Security Tokens After Admitting Compromise". WIRED. Archived from the original on 12 November 2020. Retrieved 17 February 2017.

[1]

[2]

[3]

[4]

[5]