- What is TOTP?
TOTP (Time-based One-Time Password) is a two-factor authentication (2FA) method defined in RFC 6238.
RFC 6238, also known as the Time-Based One-Time Password (TOTP) standard, defines a method for generating short-lived, single-use passcodes based on a shared secret and the current time. Published by the Internet Engineering Task Force in 2011, it provides the foundation for many modern two-factor authentication systems, including those used by authenticator apps and online services.
It works like this:
- Server and user share a secret key
- Both sides generate a 6-digit code based on:
  - current time (usually 30-second window)
  - the shared secret
- Codes change every ~30 seconds
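The steps above as an added Java example (not code from the original page): `totp` derives the 6-digit code from the shared secret and the current 30-second step using HMAC-SHA1, and `verify` goes beyond the text by tolerating a small clock-drift window and rejecting a reused time step, both of which RFC 6238 recommends for the validating side. The class name `TotpDemo`, the `window` and `lastUsedStep` parameters, and the sample secret (the ASCII test key from the RFC 6238 appendix) are assumptions for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class TotpDemo {
    static final int STEP_SECONDS = 30;

    // RFC 6238: TOTP = HOTP(secret, floor(unixTime / step)); HOTP is defined in RFC 4226.
    static String totp(byte[] secret, long unixSeconds) throws Exception {
        long counter = unixSeconds / STEP_SECONDS;
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        // The counter is hashed as an 8-byte big-endian value.
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f; // dynamic truncation offset
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%06d", bin % 1_000_000);
    }

    // Server-side check. Accepts the current step and +/- `window` steps of drift,
    // skips any step at or before `lastUsedStep` (replay protection).
    // Returns the matched step so the caller can persist it, or -1 if the code is invalid.
    static long verify(byte[] secret, String code, long now, int window, long lastUsedStep)
            throws Exception {
        long current = now / STEP_SECONDS;
        long matched = -1;
        byte[] given = code.getBytes(StandardCharsets.US_ASCII);
        for (long step = current - window; step <= current + window; step++) {
            if (step <= lastUsedStep) continue;
            byte[] expected = totp(secret, step * STEP_SECONDS).getBytes(StandardCharsets.US_ASCII);
            // Constant-time comparison avoids leaking how many digits matched.
            if (MessageDigest.isEqual(expected, given)) matched = step;
        }
        return matched;
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "12345678901234567890".getBytes(StandardCharsets.US_ASCII); // sample key
        long issuedAt = 59L;                       // constructed timestamp, falls in step 1
        String code = totp(secret, issuedAt);
        System.out.println("code at t=59: " + code);
        long step = verify(secret, code, issuedAt + 30, 1, -1);   // one step late, still accepted
        System.out.println("first use matched step: " + step);
        System.out.println("replay result: " + verify(secret, code, issuedAt + 30, 1, step));
    }
}
```

In a real service the secret is random per user, stored encrypted, and `lastUsedStep` is persisted with the account after each successful verification.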
Typical apps:
- Google Authenticator
- Microsoft Authenticator
- Why use TOTP?
Compared to SMS:
- No dependency on telecom
- Resistant to SIM swap
- Offline capable
- How to integrate TOTP in Spring Boot 3.5
Do not finish it now. It’s easy to finish.
Last edited by: 张三 Updated: 2026-03-26 10:40