Skip to main content

TOTP: Time-Based One-Time Password Algorithm
RFC 6238

Approval announcement
Draft of message to be sent after approval:


From: The IESG <>
To: IETF-Announce <>
Cc: Internet Architecture Board <>,
    RFC Editor <>
Subject: Document Action: 'TOTP: Time-based One-time Password Algorithm' to Informational RFC (draft-mraihi-totp-timebased-08.txt)

The IESG has approved the following document:
- 'TOTP: Time-based One-time Password Algorithm'
  (draft-mraihi-totp-timebased-08.txt) as an Informational RFC

This document has been reviewed in the IETF but is not the product of an
IETF Working Group.

The IESG contact person is Sean Turner.

A URL of this Internet Draft is:

Ballot Text

Technical Summary

This document describes an extension of one-time password (OTP) 
algorithm, namely the HAMC-Based One-Time Password (HOTP) Algorithm as 
defined in RFC 4226, to support time-based moving factor. The HOTP 
algorithm specifies an event based OTP algorithm where the moving factor 
is an event counter. The present work bases the moving factor on a time 
value. A time-based variant of the OTP algorithm provides short-lived 
OTP values, which are desirable for enhanced security.

The authors believe that a common and shared algorithm will facilitate 
adoption of two-factor authentication on the Internet by enabling 
interoperability across commercial and open-source implementations.

Working Group Summary

This document was developed outside the IETF, namely in the OATH 
community. A number of OATH members participated in the IETF KEYPROV 
working group and brought this work forward to the IETF.

Document Quality

This document is an AD-sponsored submission and has enjoyed review 
within the OATH community. Implementations of the specification exist.


Hannes Tschofenig <> is the document shepherd 
for this document.
Sean Turner <> is the sponsoring Area Director. 

RFC Editor Note