# Generating a Time-Based One-Time Password (TOTP) with a Shared Secret ### Introduction In the realm of digital security, Time-Based One-Time Passwords (TOTPs) play a pivotal role, particularly in two-factor authentication systems. A TOTP is a unique passcode that is valid for only a short period of time, enhancing security by adding a dynamic layer to the authentication process. These passwords are generated by combining a shared secret key with the current time, processed through a cryptographic hash function. The use of TOTPs is widespread in various security protocols due to their effectiveness in safeguarding against common threats like replay attacks. In this guide, we will delve into how to generate a TOTP using: * SHA-1 hash algorithm, * producing a 6-digit output, * with a 30-second validity interval. The process hinges on the user's shared secret, which is a critical element in ensuring that the generated TOTP is both secure and unique to each user. This guide provides an initial step towards integrating TOTP generation into your authentication systems, using Python and Node.js. The methods outlined here are straightforward and can be easily incorporated into a variety of security frameworks. *** ### Generating TOTP in Python #### Requirements * Python library: `pyotp` #### Installation ```bash pip install pyotp ``` #### Code Example ```python import pyotp def generate_totp(shared_secret): totp = pyotp.TOTP(shared_secret, interval=30, digits=6) return totp.now() # Example Usage shared_secret = 'YOUR_SHARED_SECRET_HERE' print(generate_totp(shared_secret)) ``` *** ### Generating TOTP in Node.js #### Requirements * Node.js library: `otplib` #### Installation ```bash npm install otplib ``` #### Code Example ```javascript const { totp } = require('otplib'); function generateTOTP(sharedSecret) { totp.options = { digits: 6, algorithm: 'SHA1', step: 30 }; return totp.generate(sharedSecret); } // Example Usage const sharedSecret = 'YOUR_SHARED_SECRET_HERE'; console.log(generateTOTP(sharedSecret)); ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://customer-api-docs.ibanera.com/getting-started/authentication-and-authorization/generating-a-time-based-one-time-password-totp-with-a-shared-secret.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.