4.4.2.15. TOTP

The TOTP token is - together with the HOTP - the most common token. The TOTP Algorithm is defined in RFC6238. The TOTP token is a time based token. Roughly speaking the TOTP algorithm is the same algorithm like the HOTP, where the event based counter is replaced by the unix timestamp.

The TOTP algorithm has some parameter, like if the generated OTP value will be 6 digits or 8 digits or if the SHA1 oder the SHA256 hashing algorithm is used and the timestep being 30 or 60 seconds.

4.4.2.15.1. Hardware tokens

The information about preseeded token and seedable tokens is the same as described in the section about HOTP.

The only available seedable pushbutton TOTP token is the SafeNet eToken Pass. The Yubikey can be used as a TOTP token, but only in conjunction with a smartphone app, since the yubikey has not its own clock.

4.4.2.15.2. Software tokens

4.4.2.15.2.1. Experiences

The Google Authenticator and the FreeOTP token can be enrolled easily in TOTP mode using the QR-Code enrollment Feature.

The Google Authenticator is available for iOS, Android and Blackberry devices.

4.4.2.15.3. Enrollment

Default settings for TOTP tokens can be configured at TOTP Token Config.

The enrollment is the same as described in HOTP. However, when enrolling TOTP token, you can specify some additional parameters.

../../_images/enroll_totp.png

Enroll an TOTP token