What Is TOTP
TOTP means Time-based One-Time Password. During 2FA setup, a service creates a shared secret and the user saves it in Google Authenticator, Microsoft Authenticator, another authenticator app, or a TOTP generator online. The app and the server then calculate the same code independently.
The code is one-time because it is valid only for a short time window. Most services show six digits for about 30 seconds. After the window changes, the previous value should no longer work.
How TOTP Differs from OTP
OTP is the broad term for a one-time password. TOTP is a specific kind of OTP where time is the moving factor. Other OTP methods exist, but most modern app-based 2FA workflows use TOTP.
When a website shows a QR code for 2FA setup, it usually contains an otpauth link with the secret. Written out manually, that secret often appears as a Base32 token. Treat that Base32 token as sensitive because it can generate fresh one-time codes.
Where TOTP Is Used
TOTP is common for email, admin panels, finance tools, marketplaces, and work accounts. It is supported by Google Authenticator, Microsoft Authenticator, and many authenticator alternatives.
An online generator is useful when you need to verify a token, support a test account, or generate a code from a browser. For long-term personal accounts, keep the secret in a protected authenticator app and store recovery codes separately.