DEV Community

Abbas Ogaji



TL;DR: RFC 6238, TOTP (Time-based One-Time Password)

Used in:

  1. Google Authenticator.
  2. Twilio Authy, etc.

```
// n digits
TOTP = TRUNCATE(HMAC(secret_key, counter)) % 10^n
```



  1. secret_key = shared between client and server
  2. counter = floor(unix-time/time step)

The hash is truncated and converted to a decimal integer, which is then divided by 10^n (where n is the number of OTP digits). The remainder of that division is an integer of length n, which is our OTP code.
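The formula above as a runnable Python sketch, added here as an example and not the author's code. It assumes the RFC 6238 defaults (HMAC-SHA-1, 30-second time step); the `verify` helper, its one-step drift window, and the sample key are illustrative assumptions.

```python
import hashlib
import hmac
import struct
import time

# Constructed sample input: the ASCII test key from RFC 6238 Appendix B.
SAMPLE_KEY = b"12345678901234567890"


def hotp(secret_key: bytes, counter: int, digits: int = 6) -> str:
    """TRUNCATE(HMAC(secret_key, counter)) % 10^n, as a zero-padded string."""
    # The counter is the HMAC message, encoded as an 8-byte big-endian integer.
    mac = hmac.new(secret_key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation: the low nibble of the last byte picks a 4-byte window.
    offset = mac[-1] & 0x0F
    # Clear the top bit so the value is an unambiguous 31-bit unsigned integer.
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    # The remainder may have fewer than n digits, so left-pad with zeros.
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_key: bytes, unix_time=None, time_step: int = 30, digits: int = 6) -> str:
    """counter = floor(unix_time / time_step), then HOTP on that counter."""
    now = time.time() if unix_time is None else unix_time
    return hotp(secret_key, int(now // time_step), digits)


def verify(secret_key: bytes, candidate: str, unix_time=None,
           time_step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Server-side check that tolerates +/- `window` time steps of clock drift."""
    now = time.time() if unix_time is None else unix_time
    counter = int(now // time_step)
    ok = False
    for drift in range(-window, window + 1):
        if counter + drift < 0:
            continue  # no counter exists before the Unix epoch
        expected = hotp(secret_key, counter + drift, digits)
        # Constant-time comparison, and no early exit, to avoid timing leaks.
        ok |= hmac.compare_digest(expected.encode(), candidate.encode("utf-8"))
    return ok


if __name__ == "__main__":
    print(totp(SAMPLE_KEY))  # current 6-digit code for the sample key
```

A production verifier would also reject a code that has already been accepted for the same time step and rate-limit failed attempts.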
