Different types of tokens have different time limits; let us look at the difference between the Time-Based One-Time Password and the HMAC-based One-Time Password:
- Time-Based One-Time Password (TOTP): A TOTP requires time synchronization, because the password must be used within a very short period of time, normally between 30 and 60 seconds. Here, we can see a TOTP that has arrived on a phone; it can also be delivered to a device similar to the RSA SecurID shown earlier in this chapter. A TOTP could be used when you want to access secure cloud storage:
Figure 18: TOTP
- HMAC-based One-Time Password (HOTP): A HOTP is similar to a TOTP in that a one-time password is issued; the main difference is that there is no restriction on time, but you can only use this password once.