Stack Overflow
Stack Overflow

Questions tagged [totp]

Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time.

Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time.

TOTP is based on HOTP with a timestamp replacing the incrementing counter.

The current timestamp is turned into an integer time-counter (TC) by defining the start of an epoch (T0) and counting in units of a time interval (TI).

Wiki: https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm

172 questions
1
vote
0 answers

Can Power Automate produce a one time use password that can be used to access an external website?

I want to gate-keep a website based on the results of a screening survey (i.e. using Microsoft Forms) which would provide a randomized, one-time use password to a qualifying participant. That participant would receive their password and a link to…
DSM
  • 11
  • 1
1
vote
0 answers

TOTP issues in c# with same server as code generator and validator

I am trying to implement a time based OTP in my project where code generation and code validation will be done by same server. My whole requirement is to generate a OTP which should be valid for some time (configurable) and then send it to user…
Mr Lazy
  • 11
  • 1
1
vote
0 answers

Python Generate TOTP Counter Value (Platform Independent)

I am trying to create a TOTP generator. This needs a 'counter value' which uses the following formula: Calculating counter value CT Count of the number of durations TX between T0 and T T Current time or Unix time T0 some epoch (eg. Unix epoch…
XDGFX
  • 41
  • 2
  • 9
1
vote
0 answers

How to make a HTTP Basic Authentication post request where password is generated by TOTP in node js

I have successfully completed the other parts of the challenge and am stuck on submitting the request. please can anyone help me in making a POST request so that i can send in my solution. it's been a real struggle trust…
user14030147
  • 11
  • 4
1
vote
2 answers

Is it possible to set Twilio Verify api token expiry time?

I want to use Twilio's "Verify" service for my 4 digits OTP verification, but I don't see any expiry time mentioned in there api documents. I can't use there "Authy" service since my requirement is to have 4 digits OTP. Is it possible to set expiry…
shamila
  • 1,280
  • 6
  • 20
  • 45
1
vote
1 answer

Azure B2C configure OTP parameters using policies

I'm trying to configure a B2C tenant using policies instead of user flows.For that, I'm using the SocialAndLocalAccount template as start base. One of the things I'd like to do is to configure the email's verification parameters so I can choose the…
AlmondCluster
  • 63
  • 10
1
vote
1 answer

HOTP - counter value security

i have two question about the "(H)OTP algorithm" regarding a security issue. We all know how "TOTP" works, we scan a qr code and every 30 seconds a new 6-8 digits code gets displayed, almost no magic. Now back to "HOTP", in addition to the payload…
Creative crypter
  • 1,348
  • 6
  • 30
  • 67
1
vote
1 answer

Matching TOTP implementation with Google Authenticator

(Solution) TL;DR: Google assumes the key string is base32 encoded; replacing any 1 with I and 0 with O. This must be decoded prior to hashing. Original Question I'm having difficulty having my code match up with GA. I even went chasing down counters…
Nolan Robidoux
  • 395
  • 2
  • 17
1
vote
1 answer

How to Correctly Call TOTP Func in Data.OTP?

When I use the secret key "abcdefghijklmnop" in Google Authenticator (Android), Microsoft Authenticator (Android) and oathtool (Ubuntu 18.04.3 LTS), I get matching Time-based One-Time Password (TOTP) values. Unfortunately, I do not get a matching…
Shawn Eary
  • 684
  • 2
  • 7
  • 21
1
vote
1 answer

Are 2FA TOTP scratch or recovery codes order-sensitive?

I'm working on a Google TOTP extension for Play-Silhouette, see the corresponding Play-Silhouette-Seed project here and was wondering whether the scratch or recovery codes are order-sensitive. By order-sensitive I mean that they must be used once…
SkyWalker
  • 13,729
  • 18
  • 91
  • 187
1
vote
1 answer

Amplify Auth.verifyTotpToken - user.verifySoftwareToken is not a function

AWS Amplify - Cogito MFA TOTP Iam trying to sign in with TOTP enabled. I already setup TOTP. and getting a right reponse. ![cogintoUser]: https://i.stack.imgur.com/1VXpz.jpg - cognitoUser (object) Auth.verifyTotpToken(cogintoUser,…
Barry B
  • 47
  • 7
1
vote
1 answer

Ansible with Yubikey configured for SSH

I have a Yubikey 4 configured with a SSH key bundled inside and it works perfectly if I'm just doing simple ssh into servers with this key configured. But when I try to run ansible with this configuration, it gives me this error: fatal: [web01]:…
Rodrigo Oliveira
  • 913
  • 5
  • 16
1
vote
1 answer

Handling TOTP Implementation (PHP or JavaScript)

I have implemented 2FA (TOTP method) in one of my application. Both Secret key generation and TOTP code verification handled at server side (PHP). In some cases, TOTP code generated by TOTP Application (My case Google Authenticator) is not accepted…
Kalaivanan
  • 59
  • 1
  • 2
1
vote
1 answer

How does TOTP work if I need to store the OTP in DB?

I have a requirement A third party provider (TPP) wants to access a Rest Endpoint using an OTP. So TPP requests a service1 which in turn calls a service2 which generates an OTP, stores user specific data related to this request in DB against that…
ankita m
  • 33
  • 4
1
vote
2 answers

Using TotpSecurityStampBasedTokenProvider for TOTP with Google Authenticator

I'm implementing 2FA using TOTP on my asp.net web api 2 webservice (NOT .net core). The implementation uses the TotpSecurityStampBasedTokenProvider which is provided by the Microsoft.AspNet.Identity framework. When looking at Google Authenticator…
Peter
  • 14,221
  • 15
  • 70
  • 110
1 2 3
11 12