Time-based One-Time Passwords (TOTP)
A time-based one-time password (TOTP) is a type of multi-factor authentication (MFA). You might also see it referred to as two-factor authentication (2FA). It is a way to add an extra layer of security to your accounts by requiring a second password/code that changes frequently.
What does a TOTP look like?
What you will most commonly see is a 6-digit number that changes every 30 seconds.
[Image: An example TOTP]
Why use TOTPs?
Passwords are not secure. Companies get hacked all the time, and it is best to have a second layer of security whenever possible. Password leaks are not a matter of if, but when. TOTPs cannot be leaked the same way passwords can, because they are constantly changing.
When should you use TOTPs?
You should use TOTPs any time a website offers them. If you are concerned about the extra hassle required to organize them, you can use a password manager to store your TOTPs.
Storing TOTPs in a password manager
There are a few ways to store TOTPs. The most common way is to use an app on your phone. This includes apps like Google Authenticator, Authy, or Duo Mobile. These apps are fine, but they can sometimes be a pain to maintain.
For most people, using a password manager is a better option. TOTPs are only useful if you actually use them, and a password manager is by far the most convenient way to use them. The only risk is that your password manager is compromised, but the risk of that is lower than the risk of your accounts being compromised without TOTPs. You can reduce that risk further by following good security practices.
Bitwarden Integration
If you use Bitwarden, you can follow this guide to learn how to add a TOTP to your vault.
If you would like to understand this further, you can read the links below; otherwise, you can stop here:
- Ask Leo!: Isn’t Putting Two Factor Codes in My Password Vault Less Secure?
- James Cridland: Should you store your 2FA/TOTP tokens in your password manager?
- 1Password: 1Password and 2FA: Is it wrong to store passwords and one-time codes together?
- 1Password Community: Why is it a good idea to store 2FA tokens in 1Password?