TOTP stands for Time-based One-time Passwords and is a common form of two-factor authentication (2FA). Unique numeric passwords are generated with an algorithm that uses the current time as an input. The time-based passwords expire and therefore offer increased security for 2FA. TOTP is also known as a soft token.
The TOTP algorithm uses device time and a stored secret key as inputs and does not require internet connectivity to generate or verify a token. Therefore a user can access TOTP via an app like Authy while offline.
Using Twilio's Authy API, you can generate time-based one-time passwords. The API also offers built-in support to send one-time passwords over SMS channels. Users who install the free Authy app are prompted to use the TOTP generated in the application.
Here is an example of a TOTP inside the Authy App. Tokens regenerate every 20 seconds.