{"draft":"draft-mraihi-totp-timebased-08","doc_id":"RFC6238","title":"TOTP: Time-Based One-Time Password Algorithm","authors":["D. M'Raihi","S. Machani","M. Pei","J. Rydell"],"format":["ASCII","HTML"],"page_count":"16","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"IETF - NON WORKING GROUP","abstract":"This document describes an extension of the One-Time Password (OTP)\r\nalgorithm, namely the HMAC-based One-Time Password (HOTP) algorithm,\r\nas defined in RFC 4226, to support the time-based moving factor.  The\r\nHOTP algorithm specifies an event-based OTP algorithm, where the\r\nmoving factor is an event counter.  The present work bases the moving\r\nfactor on a time value.  A time-based variant of the OTP algorithm\r\nprovides short-lived OTP values, which are desirable for enhanced\r\nsecurity.\r\n\r\nThe proposed algorithm can be used across a wide range of network\r\napplications, from remote Virtual Private Network (VPN) access and\r\nWi-Fi network logon to transaction-oriented Web applications.  The\r\nauthors believe that a common and shared algorithm will facilitate\r\nadoption of two-factor authentication on the Internet by enabling\r\ninteroperability across commercial and open-source implementations.\r\nThis document is not an Internet Standards Track specification; it is\r\npublished for informational purposes.","pub_date":"May 2011","keywords":["OTP","OATH","HOTP","two factor authentication","strong authentication"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC6238","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc6238"}