TOTP Secret

Definition

A TOTP (Time-based One-Time Password) Secret is a shared secret key used together with the TOTP algorithm (RFC 6238) to generate one-time passwords that change with time. These passwords are typically used as the second factor in two-factor authentication (2FA), so that a login requires proof of possession in addition to a password. The secret must be stored securely and protected from unauthorized access: anyone who obtains it can generate valid codes and the second factor no longer adds protection.

Secure Settings Example

# Example of securely storing a TOTP secret in a configuration file
totp:
  secret: ${TOTP_SECRET_ENV_VAR} # Use environment variables to store secrets
  issuer: "YourAppName"
  accountName: "user@example.com"

Insecure Settings Example

# Example of insecurely storing a TOTP secret in a configuration file
totp:
  secret: "hardcoded-secret-value" # Hardcoding secrets in files is insecure
  issuer: "YourAppName"
  accountName: "user@example.com"
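The following is an added example, not code from this page: a minimal Python implementation of the TOTP algorithm the definition refers to, wired to the configuration shown above. It resolves the ${TOTP_SECRET_ENV_VAR} placeholder from the environment instead of reading a hardcoded value, generates and verifies codes with a small clock-drift window, and builds the otpauth:// provisioning URI from the issuer and accountName fields. The sample secret is the published RFC 6238 test seed (a constructed input for demonstration, not a secret to reuse); the function names, the environ parameter and the last_used_counter replay check are this example's own design, not a library API.

```python
# Added example (not from the page): a minimal RFC 6238 TOTP generator/verifier
# that loads its secret the way the "Secure Settings Example" above intends.
import base64
import hashlib
import hmac
import os
import struct
import time
from typing import Optional
from urllib.parse import quote

# Constructed sample: the RFC 6238 reference seed "12345678901234567890", base32-encoded
# the way authenticator apps expect it. It is a published test value, NOT a secret to reuse.
RFC6238_SEED_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_base32_secret(secret_b32: str) -> bytes:
    """Decode a base32 secret, tolerating lowercase, spaces and missing '=' padding."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp_at(secret_b32: str, unix_time: int, step: int = 30,
            digits: int = 6, digestmod=hashlib.sha1) -> str:
    """RFC 6238: HOTP(secret, floor(unix_time / step)), truncated to `digits` digits."""
    key = decode_base32_secret(secret_b32)
    counter = unix_time // step
    mac = hmac.new(key, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226 section 5.3)
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def verify_totp(secret_b32: str, submitted: str, unix_time: int,
                window: int = 1, step: int = 30, digits: int = 6,
                last_used_counter: int = -1) -> Optional[int]:
    """Return the matched time-step counter, or None if the code is rejected.

    Accepts the current step or up to `window` steps either side (clock drift),
    compares in constant time, and refuses any step at or before the one the
    caller has already consumed (`last_used_counter`), so a captured code cannot
    be replayed inside the window."""
    if not (submitted.isdigit() and len(submitted) == digits):
        return None
    current = unix_time // step
    for counter in range(current - window, current + window + 1):
        if counter <= last_used_counter:
            continue
        candidate = totp_at(secret_b32, counter * step, step, digits)
        if hmac.compare_digest(candidate, submitted):
            return counter
    return None


def load_secret_from_env(var_name: str = "TOTP_SECRET_ENV_VAR", environ=None) -> str:
    """Resolve the ${TOTP_SECRET_ENV_VAR} placeholder from the secure config above.
    The secret never appears in the config file; `environ` is injectable for tests
    (hypothetical parameter of this example)."""
    env = os.environ if environ is None else environ
    value = env.get(var_name, "").strip()
    if not value:
        raise RuntimeError(f"TOTP secret not provided; set {var_name}")
    decode_base32_secret(value)                  # fail fast on a malformed secret
    return value


def provisioning_uri(secret_b32: str, issuer: str, account_name: str,
                     digits: int = 6, step: int = 30) -> str:
    """Key URI (otpauth://) that authenticator apps scan as a QR code, built from the
    issuer/accountName fields of the config above. Treat the URI as secret too."""
    label = f"{quote(issuer)}:{quote(account_name)}"
    return (f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={digits}&period={step}")


if __name__ == "__main__":
    secret = RFC6238_SEED_B32                    # in production: load_secret_from_env()
    now = int(time.time())
    code = totp_at(secret, now)
    print("current code:", code)
    print("verifies:", verify_totp(secret, code, now) is not None)
    print(provisioning_uri(secret, "YourAppName", "user@example.com"))
```

Run it with the RFC 6238 vectors to confirm the arithmetic: the seed above at Unix time 59 yields 287082 (94287082 with eight digits). In a real deployment the caller stores the counter that verify_totp returns per user and passes it back as last_used_counter on the next attempt; that, together with the constant-time comparison and the environment-sourced secret, is what separates this from the insecure hardcoded configuration.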