Understanding TOTP Codes: A Short Guide to Securing Your Accounts

Published by Mika Berglund on

TOTP - Time-based One-Time Passwords.

In the world of online security, TOTP (Time-based One-Time Password) codes are like your account’s secret superhero. They add an extra layer of protection to make sure only you get into your accounts. Let’s break down what TOTP codes are, what they’re used for, and how they’re cooked up without diving into fancy tech talk.

What Are TOTP Codes?

Imagine TOTP codes as digital bodyguards for your online accounts. They create a special, ever-changing password that acts like a secret handshake to keep the bad guys out.

What Are They Used For?

Okay, so you’ve probably seen that extra step when logging into your email or social media – the one where it asks for a code from your authenticator app. That’s where TOTP codes step in. They’re like the bouncer at the club, making sure only the right person (you) gets in.

How Are They Cooked Up?

Now, let’s talk about how these TOTP codes are whipped up in the kitchen of online security:

  1. Setting Up: When you turn on two-factor (sometimes referred to as multi-factor) authentication (2FA/MFA) for your account, you usually connect it to an app on your phone. This app becomes your sidekick in the fight against unauthorized access.
  2. Secret Key: Your account and the app share a secret key. It’s like having a special ingredient that only you and your app know about. This key kicks off the process of making your unique TOTP codes.
  3. Time Magic: There’s a secret sauce called an algorithm. It’s like a recipe that involves the current time and your secret key. Your app and the online service both use this magic to cook up the TOTP code.
  4. Changing Every 30 – 60 Seconds: TOTP codes don’t stick around for long – they change every 30 – 60 seconds. This is like changing the locks on your digital door regularly. It keeps things extra secure.
  5. Time Sync: For this to work smoothly, your phone and the online service need to agree on the time. But don’t worry, this is usually done automatically – no need to set your digital clocks.
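
For readers who do want to see the recipe, here is the list above as a short Python sketch following RFC 6238 with HMAC-SHA1. It is an added example, not code from this post or from Otp.NET; the 30-second step, 6 digits, the function names and the `last_used` replay check are assumptions, and the secret is the published RFC test key.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds per code (assumed; a common setting)
DIGITS = 6   # code length (assumed; a common setting)
# Constructed sample secret: the published RFC 6238 test key, never a real one.
SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Items 2-4: shared secret key + current time -> short-lived numeric code."""
    counter = int(unix_time) // step          # which time window we are in
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                   # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int, window: int = 1, last_used: int = -1):
    """Service side of item 5. Returns the matched window counter, or None.

    Accepts codes from `window` steps either side of now to absorb clock
    drift, and rejects any window at or before `last_used` so a code that
    was already accepted cannot be replayed.
    """
    current = int(unix_time) // STEP
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = totp(secret, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and counter > last_used:
            matched = counter
    return matched


if __name__ == "__main__":
    import time
    now = int(time.time())
    code = totp(SECRET, now)
    print(code, verify(SECRET, code, now))
```

A service would store the returned counter per account and pass it back as `last_used` on the next login attempt.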


TOTP codes might sound like tech wizardry, but they’re really just your online account’s way of putting on an extra lock. They make it way harder for someone to sneak in, even if they somehow get your password. So, the next time you see that prompt for a code from your app, think of it as your account doing a secret handshake to keep your information safe. Stay safe out there!

Further Reading

If you want to read more about TOTP codes and the algorithms behind them, have a look at Time-based one-time passwords on Wikipedia.

If you want to create applications that produce TOTPs programmatically, for example UI tests and browser automation systems built with Playwright, add a reference to the Otp.NET assembly in your code.

