TOTP

Rate this page:

TOTP stands for Time-based One-time Passwords and is a common form of Two-factor Authentication. Unique numeric passwords are generated with an algorithm that uses the current time as an input. The time-based passwords expire and therefore offer increased security for 2FA. TOTP is also known as a soft token.

 

TOTP works offline

The TOTP algorithm uses device time and a stored secret key as inputs and does not require internet connectivity to generate or verify a token. Therefore a user can access TOTP via an app like Authy while offline.

TOTP with the Twilio Authy API

Using Twilio's Authy API, you can generate time-based one-time passwords. The API also offers built-in support to send one-time passwords over voice or SMS channels. Users who install the free Authy app are prompted to use the TOTP generated in the application.

Authy push notification - app installed on attempt to send an SMS

Twilio's Authy API follows the algorithms described in RFC 6238 and RFC 4226 to generate TOTP (Time-Based One-Time Passwords) passwords.

TOTP in the Authy App

Here is an example of a TOTP inside the Authy App. Tokens regenerate every 20 seconds.

Authy App showing Gemini TOTP

Get Started with TOTP

Rate this page:

Thank you for your feedback!

We are always striving to improve our documentation quality, and your feedback is valuable to us. How could this documentation serve you better?

Sending your feedback...
🎉 Thank you for your feedback!
Something went wrong. Please try again.

Thanks for your feedback!

Refer us and get $10 in 3 simple steps!

Step 1

Get link

Get a free personal referral link here

Step 2

Give $10

Your user signs up and upgrade using link

Step 3

Get $10

1,250 free SMSes
OR 1,000 free voice mins
OR 12,000 chats
OR more